From a21b399f508f4c32fd1703520d4ff298521a6616 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 14 Sep 2022 17:30:40 -0400 Subject: [PATCH 001/258] first draft of schema changes in win1122h2 --- .../mdm/assignedaccess-csp.md | 422 +++++++++++++----- 1 file changed, 305 insertions(+), 117 deletions(-) diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index c0085b11e0..dd419902db 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -1,7 +1,7 @@ --- title: AssignedAccess CSP description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -26,18 +26,17 @@ The table below shows the applicability of Windows: The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration. -For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app) +For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a single-app kiosk on Windows 10/11.](/windows/configuration/kiosk-single-app) -In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps). +In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) was expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Set up a multi-app kiosk on Windows 10 devices](/windows/configuration/lock-down-windows-10-to-specific-apps). -> [!Warning] +> [!WARNING] > You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups. -> [!Note] -> If the application calls `KeyCredentialManager.IsSupportedAsync` when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select an appropriate PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. - -> [!Note] -> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709, it is supported in Windows 10 Pro and Windows 10 S. Starting from Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. +> [!NOTE] +> +> - If the application calls `KeyCredentialManager.IsSupportedAsync` when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select an appropriate PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. +> - The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709, it is supported in Windows 10 Pro and Windows 10 S. Starting from Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. The following example shows the AssignedAccess configuration service provider in tree format @@ -45,7 +44,7 @@ The following example shows the AssignedAccess configuration service provider in ./Vendor/MSFT AssignedAccess ----KioskModeApp -----Configuration (Added in Windows 10, version 1709) +----Configuration (Added in Windows 10, version 1709) ----Status (Added in Windows 10, version 1803) ----ShellLauncher (Added in Windows 10, version 1803) ----StatusConfiguration (Added in Windows 10, version 1803) @@ -55,63 +54,65 @@ AssignedAccess Root node for the CSP. **./Device/Vendor/MSFT/AssignedAccess/KioskModeApp** -A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](/windows/configuration/find-the-application-user-model-id-of-an-installed-app). +A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](/windows/configuration/find-the-application-user-model-id-of-an-installed-app). For more information, see [Set up a single-app kiosk on Windows 10/11.](/windows/configuration/kiosk-single-app) -For more information, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app) - -> [!Note] -> In Windows 10, version 1803, the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. +> [!NOTE] > -> Starting in Windows 10, version 1803, the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective. +> - In Windows 10, version 1803, the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. +> - Starting in Windows 10, version 1803, the KioskModeApp node becomes No-Op if Configuration node is configured on the device. Add/Replace/Delete commands on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it's not effective. +> - You can't set both KioskModeApp and ShellLauncher at the same time on the device. -> [!Note] -> You can't set both KioskModeApp and ShellLauncher at the same time on the device. - -Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md). +Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md). Here's an example: ```json -{"Account":"contoso\\kioskuser","AUMID":"Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp"} +{ + "Account": "contoso\\kioskuser", + "AUMID": "Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp" +} ``` -> [!Tip] +> [!TIP] > In this example the double \\\ is required because it's in JSON and JSON escapes \ into \\\\. If an MDM server uses JSON parser\composer, they should ask customers to type only one \\, which will be \\\ in the JSON. If user types \\\\, it'll become \\\\\\\ in JSON, which will cause erroneous results. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (need to) escape \\. > > This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string. When the kiosk mode app is being configured, the account name will be used to find the target user. The account name includes domain name and user name. -> [!Note] -> The domain name can be optional, if the user name is unique across the system. +> [!TIP] +> The domain name can be optional, if the user name is unique across the system. For a local account, the domain name should be the device name. When Get is executed on this node, the domain name is always returned in the output. The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same. **./Device/Vendor/MSFT/AssignedAccess/Configuration** -Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For more information about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps). For more information on the schema, see [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). -Updated in Windows 10, version 1909. Added Microsoft Edge kiosk mode support. This allows Microsoft Edge to be the specified kiosk application. For details about configuring Microsoft Edge kiosk mode, see [Configure a Windows 10 kiosk that runs Microsoft Edge](/DeployEdge/microsoft-edge-configure-kiosk-mode). Windows 10, version 1909 also allows for configuration of the breakout sequence. The breakout sequence specifies the keyboard shortcut that returns a kiosk session to the lock screen. The breakout sequence is defined with the format modifiers + keys. An example breakout sequence would look something like "shift+alt+a", where "shift" and "alt" are the modifiers and "a" is the key. - -> [!Note] -> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. -> -> Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective. - -Enterprises can use this to easily configure and manage the curated lockdown experience. +Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For more information about the configuration settings in the XML, see [Set up a multi-app kiosk on Windows 10 devices](/windows/configuration/lock-down-windows-10-to-specific-apps). For more information on the schema, see [AssignedAccessConfiguration XSD](#assignedaccessconfiguration-xsd). Enterprises can use this to easily configure and manage the curated lockdown experience. Supported operations are Add, Get, Delete, and Replace. -Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it can't revert all the enforced policies back (for example, Start Layout). +In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. + +In Windows 10, version 1909, Microsoft Edge kiosk mode support was added. This allows Microsoft Edge to be the specified kiosk application. For details about configuring Microsoft Edge kiosk mode, see [Configure a Windows 10 kiosk that runs Microsoft Edge](/DeployEdge/microsoft-edge-configure-kiosk-mode). Windows 10, version 1909 also allows for configuration of the breakout sequence. The breakout sequence specifies the keyboard shortcut that returns a kiosk session to the lock screen. The breakout sequence is defined with the format modifiers + keys. An example breakout sequence would look something like "shift+alt+a", where "shift" and "alt" are the modifiers and "a" is the key. + +In Windows 11, version 22H2, AssignedAccessConfiguration schema was updated to add StartPins and TaskbarLayout nodes to support pinning apps to the Start Menu and Taskbar respectively. + +- For more information about the configuration settings in the XML, see [TODO](/windows/configuration/). +- For more information on the schema, see [AssignedAccessConfiguration XSD](#assignedaccessconfiguration-xsd). +- For an example, see [Example AssignedAccessConfiguration XML](#example-assignedaccessconfiguration-xml). + +> [!NOTE] +> Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it can't revert all the enforced policies back (for example, Start Layout). **./Device/Vendor/MSFT/AssignedAccess/Status** -Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload. +Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to "On" or "OnWithAlerts". If the StatusConfiguration is "Off", a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload. In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible statuses available for single app kiosk mode. -|Status |Description | -|---------|---------|---------| +| Status | Description | +|--|--|--| | KioskModeAppRunning | This status means the kiosk app is running normally. | | KioskModeAppNotFound | This state occurs when the kiosk app isn't deployed to the machine. | | KioskModeAppActivationFailure | This state occurs when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. | @@ -119,11 +120,11 @@ In Windows 10, version 1803, Assigned Access runtime status only supports monito > [!NOTE] > Status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. -|Status code | KioskModeAppRuntimeStatus | -|---------|---------| -| 1 | KioskModeAppRunning | -| 2 | KioskModeAppNotFound | -| 3 | KioskModeAppActivationFailure | +| Status code | KioskModeAppRuntimeStatus | +|--|--| +| 1 | KioskModeAppRunning | +| 2 | KioskModeAppNotFound | +| 3 | KioskModeAppActivationFailure | Additionally, the status payload includes a profileId that can be used by the MDM server to correlate as to which kiosk app caused the error. @@ -156,7 +157,7 @@ Supported operation is Get. **./Device/Vendor/MSFT/AssignedAccess/ShellLauncher** Added in Windows 10, version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. Shell Launcher V2 is introduced in Windows 10, version 1903 to support both UWP and Win32 apps as the custom shell. For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllauncher). -> [!Note] +> [!NOTE] > You can't set both ShellLauncher and KioskModeApp at the same time on the device. > > Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature, if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function. @@ -172,16 +173,15 @@ Optionally, the MDM server can opt in to the MDM alert so that an MDM alert will This MDM alert header is defined as follows: -- MDMAlertMark: Critical -- MDMAlertType: "com.microsoft.mdm.assignedaccess.status" -- MDMAlertDataType: String -- Source: "./Vendor/MSFT/AssignedAccess" -- Target: N/A +- MDMAlertMark: Critical +- MDMAlertType: "com.microsoft.mdm.assignedaccess.status" +- MDMAlertDataType: String +- Source: "./Vendor/MSFT/AssignedAccess" +- Target: N/A -> [!Note] +> [!NOTE] > MDM alert will only be sent for errors. - ## KioskModeApp examples KioskModeApp Add @@ -266,7 +266,9 @@ KioskModeApp Replace ## AssignedAccessConfiguration XSD -The schema below is for AssignedAccess Configuration up to Windows 10 20H2 release. +
+
+ Schema for AssignedAccess Configuration. ```xml @@ -278,6 +280,7 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config" xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config" + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config" targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config" > @@ -306,8 +309,10 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea - + + + @@ -358,7 +363,7 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea - + @@ -464,7 +469,41 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea ); ``` -Here's the schema for new features introduced in Windows 10 1809 release: +
+ +
+
+ Schema for features introduced in Windows 10, version 1909 which added support for Microsoft Edge kiosk mode and breakout key sequence customization. + +```xml + + + + + + + + + + + + + +``` + +
+ +
+
+ Schema for new features introduced in Windows 10 1809 release. ```xml @@ -510,7 +549,11 @@ Here's the schema for new features introduced in Windows 10 1809 release: ``` -Schema for Windows 10 prerelease +
+ +
+
+ Schema for Windows 10 prerelease. ```xml @@ -533,7 +576,7 @@ Schema for Windows 10 prerelease - + @@ -541,48 +584,113 @@ Schema for Windows 10 prerelease ``` -The schema below is for features introduced in Windows 10, version 1909 which has added support for Microsoft Edge kiosk mode and breakout key sequence customization. -```xml - - - - - - - - - - - - - -``` - -To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature that's added in the 1809 release, use the below sample. Notice an alias r1809 is given to the 201810 namespace for the 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. - -```xml - - - - - - -``` +
## Example AssignedAccessConfiguration XML -Example XML configuration for a multi-app kiosk: + +
+
+ Example XML configuration for a multi-app kiosk for Windows 11. + +> [!NOTE] +> This example demonstrates the use of StartPins and TaskbarLayout elements. For more information, see [](). +> - StartPins element is used to pin apps to the Start menu and uses the [pinnedList JSON](/windows/configuration/customize-start-menu-layout-windows-11#get-the-pinnedlist-json) format. +> - TaskbarLayout element is used to pin apps to the taskbar and uses the [TaskbarLayoutModification XML](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar#author-a-taskbarlayoutmodificationxml-file) format. + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + + + + + + + + + + ]]> + + + + + + MultiAppKioskUser + + + + +``` + +
+ +
+
+ Example XML configuration for a multi-app kiosk for Windows 10. + ```xml @@ -634,7 +742,12 @@ Example XML configuration for a multi-app kiosk: ``` -Example XML configuration for a Microsoft Edge kiosk. This Microsoft Edge kiosk is configured to launch www.bing.com on startup in a public browsing mode. +
+ +
+
+ Example XML configuration for a Microsoft Edge kiosk. This Microsoft Edge kiosk is configured to launch www.bing.com on startup in a public browsing mode. + ```xml ``` -Example XML configuration for setting a breakout sequence to be Ctrl+A on a Microsoft Edge kiosk. +
+ +
+
+ Example XML configuration for setting a breakout sequence to be Ctrl+A on a Microsoft Edge kiosk. + > [!NOTE] > **BreakoutSequence** can be applied to any kiosk type, not just an Edge kiosk. + ```xml ``` +
+ +> [!NOTE] +> To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature that's added in the 1809 release, use the below sample. Notice an alias `r1809` is given to the 201810 namespace for the 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. +> +> ```xml +> xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" +> xmlns:r1809="http://schemas.microsoft.com/AssignedAccess/201810/config" +> > +> +> +> +> +> +> ``` + ## Configuration examples XML encoding (escaped) and CDATA of the XML in the Data node will both ensure that DM client can properly interpret the SyncML and send the configuration xml as string (in original format, unescaped) to AssignedAccess CSP to handle. Similarly, the StartLayout xml inside the configuration xml is using the same format, xml inside xml as string. In the sample Configuration xml provided above, CDATA is used to embed the StartLayout xml. If you use CDATA to embed configuration xml in SyncML as well, you’ll have nested CDATA, so pay attention to how CDATA is used in the provided CDATA sample. With that being said, when the Configuration xml is being constructed, MDM server can either escape start layout xml or put startlayout xml inside CDATA, when MDM server puts configuration xml inside SyncML, MDM server can also either escape it or wrap with CDATA. -Escape and CDATA are mechanisms used when handling xml in xml. Consider that it’s a transportation channel to send the configuration xml as payload from server to client. It’s transparent to both, the end user who configures the CSP and to our CSP. Both the customer on the server side and our CSP must only see the original configuration XML. +Escape and CDATA are mechanisms used when handling xml in xml. Consider that it's a transportation channel to send the configuration xml as payload from server to client. It's transparent to both, the end user who configures the CSP and to our CSP. Both the customer on the server side and our CSP must only see the original configuration XML. -This example shows escaped XML of the Data node. +
+
+ This example shows escaped XML of the Data node. ```xml @@ -761,7 +899,11 @@ This example shows escaped XML of the Data node. ``` -This example shows escaped XML of the Data node. +
+ +
+
+ This example shows escaped XML of the Data node. ```xml @@ -833,7 +975,11 @@ This example shows escaped XML of the Data node. ``` -This example uses CData for the XML. +
+ +
+
+ This example uses CData for the XML. ```xml @@ -905,7 +1051,11 @@ This example uses CData for the XML. ``` -Example of Get command that returns the configuration in the device. +
+ +
+
+ Example of Get command that returns the configuration in the device. ```xml @@ -923,7 +1073,11 @@ Example of Get command that returns the configuration in the device. ``` -Example of the Delete command. +
+ +
+
+ Example of the Delete command. ```xml @@ -941,6 +1095,8 @@ Example of the Delete command. ``` +
+ ## StatusConfiguration XSD ```xml @@ -974,7 +1130,7 @@ Example of the Delete command. ## StatusConfiguration example -StatusConfiguration Add OnWithAlerts +StatusConfiguration Add ```xml @@ -1039,7 +1195,7 @@ StatusConfiguration Get ``` -StatusConfiguration Replace On +StatusConfiguration Replace ```xml @@ -1090,7 +1246,9 @@ Status Get ## ShellLauncherConfiguration XSD -Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD. +
+
+ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD. ```xml @@ -1247,6 +1405,8 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. ``` +
+ ### Shell Launcher V2 XSD ```xml @@ -1275,7 +1435,9 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. ## ShellLauncherConfiguration examples -ShellLauncherConfiguration Add +
+
+ ShellLauncherConfiguration Add ```xml @@ -1345,11 +1507,15 @@ ShellLauncherConfiguration Add ``` -ShellLauncherConfiguration Add AutoLogon +
+ +
+
+ ShellLauncherConfiguration Add AutoLogon This function creates an autologon account on your behalf. It's a standard user with no password. The autologon account is managed by AssignedAccessCSP, so the account name isn't exposed. -> [!Note] +> [!NOTE] > The autologon function is designed to be used after OOBE with provisioning packages. ```xml @@ -1399,7 +1565,11 @@ This function creates an autologon account on your behalf. It's a standard user ``` -ShellLauncher V2 Add +
+ +
+
+ ShellLauncher V2 Add ```xml @@ -1420,12 +1590,12 @@ ShellLauncher V2 Add - - - - - - + + + + + + @@ -1455,7 +1625,11 @@ xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ``` -ShellLauncherConfiguration Get +
+ +
+
+ ShellLauncherConfiguration Get ```xml @@ -1473,8 +1647,14 @@ ShellLauncherConfiguration Get ``` +
+ ## AssignedAccessAlert XSD +
+
+ Expand this section to see the schema XML + ```xml ``` +
+ ## Windows Holographic for Business edition example This example configures the following apps: Skype, Learning, Feedback Hub, and Calibration, for first line workers. Use this XML in a provisioning package using Windows Configuration Designer. For instructions, see [Configure HoloLens using a provisioning package](/hololens/hololens-provisioning). +
+
+ Expand this section to see the example XML + ```xml The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server. + +[!INCLUDE [remote-wipe](../../../includes/licensing/remote-wipe.md)] From 1a230785bea3eec92024df37404ee223710088fa Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 3 May 2023 10:23:15 -0400 Subject: [PATCH 088/258] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index a92d9f018f..811d36e770 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -19,6 +19,8 @@ ms.topic: reference The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709. + +[!INCLUDE [microsoft-defender-application-guard-mdag-configure-via-mdm](../../../includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md)] From f383191a67b8322e5b95b991d71ee89313fc6d2b Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 3 May 2023 16:39:15 -0400 Subject: [PATCH 089/258] updates for sharedPC --- education/windows/federated-sign-in.md | 35 +++++++++++++++----------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index e83bf97ea8..0aab0b96e7 100644 --- a/education/windows/federated-sign-in.md +++ b/education/windows/federated-sign-in.md @@ -35,8 +35,8 @@ To implement federated sign-in, the following prerequisites must be met: - For a step-by-step guide on how to configure **Google Workspace** as an identity provider for Azure AD, see [Configure federation between Google Workspace and Azure AD](configure-aad-google-trust.md) - For a step-by-step guide on how to configure **Clever** as an identity provider for Azure AD, see [Setup guide for Badges into Windows and Azure AD][EXT-1] -1. Individual IdP accounts created: each user will require an account defined in the third-party IdP platform -1. Individual Azure AD accounts created: each user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example: +1. Individual IdP accounts created: each user requires an account defined in the third-party IdP platform +1. Individual Azure AD accounts created: each user requires a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example: - [School Data Sync (SDS)][SDS-1] - [Azure AD Connect sync][AZ-3] for environment with on-premises AD DS - PowerShell scripts that call the [Microsoft Graph API][GRAPH-1] @@ -46,7 +46,7 @@ To implement federated sign-in, the following prerequisites must be met: 1. Licenses assigned to the Azure AD user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Azure AD, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Azure Active Directory][AZ-2] 1. Enable federated sign-in on the Windows devices -To use federated sign-in, the devices must have Internet access. This feature won't work without it, as the authentication is done over the Internet. +To use federated sign-in, the devices must have Internet access. This feature doesn't work without it, as the authentication is done over the Internet. > [!IMPORTANT] > WS-Fed is the only supported federated protocol to join a device to Azure AD. If you have a SAML 2.0 IdP, it's recommended to complete the Azure AD join process using one of the following methods: @@ -73,7 +73,7 @@ The configuration is different for each scenario, and is described in the follow ### Configure federated sign-in for student assigned (1:1) devices -To use web sign-in with a federated identity provider, your devices must be configured with different policies. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG). +To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your devices using either Microsoft Intune or a provisioning package (PPKG). #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) @@ -115,7 +115,7 @@ Apply the provisioning package to the single-user devices that require federated ### Configure federated sign-in for student shared devices -To use web sign-in with a federated identity provider, your devices must be configured with different policies. Follow the instructions below to configure your shared devices using either Microsoft Intune or a provisioning package (PPKG). +To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your shared devices using either Microsoft Intune or a provisioning package (PPKG). #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) @@ -157,12 +157,13 @@ Apply the provisioning package to the shared devices that require federated sign Once the devices are configured, a new sign-in experience becomes available. -As the end users enter their username, they'll be redirected to the identity provider sign-in page. Once the Idp authenticates the users, they'll be signed-in. In the following animation, you can see how the first sign-in process works: +As users enter their username, they're redirected to the identity provider sign-in page. Once the Idp authenticates the users, they're signed-in. In the following animation, you can observe how the first sign-in process works for a student assigned (1:1) device: -:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge." border="false"::: +:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false"::: > [!IMPORTANT] -> Once the policy is enabled, the first user to sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen. +> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen. +> The behavior is different for student shared devices, where the disambiguation page is always shown, unless preferred Azure AD tenant name is configured. ## Important considerations @@ -172,22 +173,25 @@ Federated sign-in for student assigned (1:1) devices doesn't work with the follo - **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**, which are part of the [SharedPC CSP][WIN-1] - **Interactive logon: do not display last signed in**, which is a security policy part of the [Policy CSP][WIN-2] -- **Take a Test**, since it uses the security policy above +- **Take a Test** in kiosk mode, since it uses the security policy above ### Known issues affecting student shared devices The following issues are known to affect student shared devices: - Non-federated users can't sign-in to the devices, including local accounts -- **Interactive logon: do not display last signed in**, which is a security policy part of the [Policy CSP][WIN-2] -- **Take a Test**, since it uses the security policy above +- **Take a Test** in kiosk mode, since it uses a local guest account to sign in + +### Account management + +For student shared devices, it's recommended to configure the account management policies to automatically delete the user profiles after a certain period of inactivity or disk levels. For more information, see [Set up a shared or guest Windows device][WIN-3]. ### Preferred Azure AD tenant name To improve the user experience, you can configure the *preferred Azure AD tenant name* feature.\ -When using preferred AAD tenant name, the users will bypass the disambiguation page and will be redirected to the identity provider sign-in page. +When using preferred AAD tenant name, the users bypass the disambiguation page and are redirected to the identity provider sign-in page. This configuration can be especially useful for student shared devices, where the disambiguation page is always shown. -For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-3]. +For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-4]. ### Identity matching in Azure AD @@ -197,7 +201,7 @@ After the token sent by the IdP is validated, Azure AD searches for a matching u > [!NOTE] > The ImmutableId is a string value that **must be unique** for each user in the tenant, and it shouldn't change over time. For example, the ImmutableId could be the student ID or SIS ID. The ImmutableId value should be based on the federation setup and configuration with your IdP, so confirm with your IdP before setting it. -If the matching object is found, the user is signed-in. If not, the user is presented with an error message. The following picture shows that a user with the ImmutableId *260051* can't be found: +If the matching object is found, the user is signed-in. Otherwise, the user is presented with an error message. The following picture shows that a user with the ImmutableId *260051* can't be found: :::image type="content" source="images/federation/user-match-lookup-failure.png" alt-text="Azure AD sign-in error: a user with a matching ImmutableId can't be found in the tenant." lightbox="images/federation/user-match-lookup-failure.png"::: @@ -252,4 +256,5 @@ Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@exa [WIN-1]: /windows/client-management/mdm/sharedpc-csp [WIN-2]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin -[WIN-3]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname \ No newline at end of file +[WIN-3]: /windows/configuration/set-up-shared-or-guest-pc +[WIN-4]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname \ No newline at end of file From d7d694b8a4890edbbd68a3fa408bd34133ae4cd9 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 09:19:21 -0400 Subject: [PATCH 090/258] updated links --- windows/security/identity-protection/toc.yml | 4 + windows/whats-new/windows-licensing.md | 124 +++++++++++-------- 2 files changed, 79 insertions(+), 49 deletions(-) diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml index c4b3478397..c90f5b2316 100644 --- a/windows/security/identity-protection/toc.yml +++ b/windows/security/identity-protection/toc.yml @@ -19,6 +19,7 @@ items: href: smart-cards/toc.yml - name: Virtual smart cards href: virtual-smart-cards/toc.yml + displayName: VSC - name: Enterprise Certificate Pinning href: enterprise-certificate-pinning.md - name: Advanced credential protection @@ -28,13 +29,16 @@ items: - name: Technical support policy for lost or forgotten passwords href: password-support-policy.md - name: Windows LAPS (Local Administrator Password Solution) 🔗 + displayName: LAPS href: /windows-server/identity/laps/laps-overview - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md + displayName: EPP - name: Access Control items: - name: Overview href: access-control/access-control.md + displayName: ACL - name: Local Accounts href: access-control/local-accounts.md - name: Security policy settings 🔗 diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md index e45dbf9886..212d022557 100644 --- a/windows/whats-new/windows-licensing.md +++ b/windows/whats-new/windows-licensing.md @@ -8,7 +8,7 @@ manager: aaroncz ms.collection: - tier2 ms.topic: conceptual -ms.date: 04/24/2023 +ms.date: 05/04/2023 appliesto: - ✅ Windows 11 ms.technology: itpro-security @@ -19,7 +19,7 @@ ms.technology: itpro-security This document provides an overview of the products and use rights available through Microsoft Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization. > [!NOTE] -> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx). +> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms][EXT-4]. ## Windows 11 editions @@ -31,7 +31,7 @@ The following table lists the editions of Windows 11 available through each Micr ## Windows desktop offerings available through Commercial Licensing -The following offerings are available for purchase through [Microsoft Commercial Licensing](https://www.microsoft.com/licensing): +The following offerings are available for purchase through [Microsoft Commercial Licensing][EXT-5]: |Product|Description|Availability| |-|-|-| @@ -67,13 +67,13 @@ The following table describes the unique Windows Enterprise edition features: | OS-based feature | Description | |-|-| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.| -|**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.| -|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. | -|**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.| -|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.| -|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.| +|**[Windows Defender Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.| +|**[Managed Microsoft Defender Application Guard for Microsoft Edge][EDGE-1]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.| +|**[Modern BitLocker Management][WIN-2]** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. | +|**[Personal Data Encryption][WIN-3]**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.| +|**[Direct Access][WINS-1]**|Connect remote users to the organization network without the need for traditional VPN connections.| +|**[Always-On VPN device tunnel][WINS-2]**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.| +|**[Windows Experience customization][WIN-4]**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.| #### Windows 11 Enterprise cloud-based capabilities @@ -81,13 +81,13 @@ The following table describes the unique Windows Enterprise cloud-based features |Cloud-based feature | Description | |-|-| -|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.| -|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.| -|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.| -|**[Microsoft Connected Cache](/windows/deployment/do/waas-delivery-optimization)**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.| -|**[Endpoint analytics proactive remediation](/mem/analytics/proactive-remediations)**|Helps you fix common support issues before end-users notice them.| -|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.| +|**[Windows subscription activation][WIN-5]**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.| +|**[Windows Autopatch][WIN-6]**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.| +|**[Windows Update For Business deployment service][WIN-7]**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.| +|**[Universal Print][UP-1]**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.| +|**[Microsoft Connected Cache][WIN-8]**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.| +|**[Endpoint analytics proactive remediation][MEM-1]**|Helps you fix common support issues before end-users notice them.| +|**[Organizational messages][MEM-2]**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.| #### Windows 11 Enterprise licensing use rights @@ -95,17 +95,17 @@ The following table describes the Windows Enterprise licensing use rights: |Licensing use rights|Description| |-|-| -|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.| -|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|Get extra time to deploy feature releases.| -|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of +|**[Five Windows instances per licensed user][EXT-1]**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.| +|**[36 months (3 years) support on annual feature releases][WIN-9]**|Get extra time to deploy feature releases.| +|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of Windows user profiles in virtual desktop environments.| -|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.| -|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.| -|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.| -|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification| -|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.| +|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.| +|**[Windows feature update device readiness report][MEM-3]**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.| +|**[Windows feature update compatibility risks reports][MEM-3]**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.| +|**[Windows LTSC Enterprise][WIN-10]**|Intended for highly specialized devices that require limited changes due to regulations and certification| +|**[Microsoft Desktop Optimization Pack (MDOP) ][MDOP-1]**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.| -Learn more about [Windows 11 Enterprise E3](https://windows.com/enterprise). +Learn more about [Windows 11 Enterprise E3][EXT-3]. ### Windows 11 Enterprise E5 @@ -141,42 +141,42 @@ The following table lists the Windows 11 Enterprise features and their Windows e | OS-based feature |Windows Pro|Windows Enterprise| |-|-|-| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes| -|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes| -|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes| -|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|❌|Yes| +|**[Windows Defender Credential Guard][WIN-1]**|❌|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][EDGE-1]**|Yes|Yes| +|**[Modern BitLocker Management][WIN-2]**|Yes|Yes| +|**[Personal data encryption (PDE)][WIN-3]**|❌|Yes| +|**[Direct Access][WINS-1]**|Yes|Yes| +|**[Always On VPN][WINS-2]**|Yes|Yes| +|**[Windows Experience customization][WIN-4]**|❌|Yes| The following table lists the Windows 11 Enterprise cloud-based features and their Windows edition requirements: | Cloud-based feature |Windows Pro|Windows Enterprise| |-|-|-| -|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|Yes|Yes| -|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes| -|**[Universal Print](/universal-print/)**|Yes|Yes| -|**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes| -|**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes| -|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes| +|**[Windows subscription activation][WIN-5]**|Yes|Yes| +|**[Windows Autopatch][WIN-6]**|Yes|Yes| +|**[Windows Update For Business deployment service][WIN-7]**|Yes|Yes| +|**[Universal Print][UP-1]**|Yes|Yes| +|**[Microsoft Connected Cache][WIN-8]**|Yes|Yes| +|**[Endpoint analytics proactive remediation][MEM-1]**|Yes|Yes| +|**[Organizational messages][MEM-2]**|❌|Yes| The following table lists the Windows 11 Enterprise E3 licensing use rights and their Windows edition requirements: |Licensing use rights|Windows Pro|Windows Enterprise| |-|-|-| -|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a| -|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|❌|Yes| -|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|n/a|n/a| -|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a| -|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes| -|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes| -|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|n/a|n/a| -|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Yes|Yes| +|**[Five Windows instances per licensed user][EXT-1]**|n/a|n/a| +|**[36 months (3 years) support on annual feature releases][WIN-9]**|❌|Yes| +|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|n/a|n/a| +|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|n/a|n/a| +|**[Windows feature update device readiness report][MEM-3]**|Yes|Yes| +|**[Windows feature update compatibility risks reports][MEM-3]**|Yes|Yes| +|**[Windows LTSC Enterprise][WIN-10]**|n/a|n/a| +|**[Microsoft Desktop Optimization Pack (MDOP)][MDOP-1]**|Yes|Yes| ## Next steps -To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide](https://aka.ms/WindowsLicensingGuide). The guide provides additional information to complement the information in this article, including: +To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide][EXT-6]. The guide provides additional information to complement the information in this article, including: - Description of qualifying operating systems - Availability of Windows desktop operating system products in licensing programs @@ -184,3 +184,29 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win - Windows 11 downgrade rights - Volume license activation methods - How to acquire licenses through Commercial Licensing + +[AZ-1]: /azure/virtual-desktop/prerequisites#operating-systems-and-licenses +[EDGE-1]: /deployedge/microsoft-edge-security-windows-defender-application-guard +[EXT-1]: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS +[EXT-2]: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-release-health-now-available-in-the-microsoft-365-admin/ba-p/2235908 +[EXT-3]: https://windows.com/enterprise +[EXT-4]: https://www.microsoft.com/licensing/product-licensing/products.aspx +[EXT-5]: https://www.microsoft.com/licensing +[EXT-6]: https://aka.ms/WindowsLicensingGuide +[MDOP-1]: /microsoft-desktop-optimization-pack +[MEM-1]: /mem/analytics/proactive-remediations +[MEM-2]: /mem/intune/remote-actions/organizational-messages-overview +[MEM-3]: /mem/intune/protect/windows-update-compatibility-reports +[UP-1]: /universal-print/ +[WIN-1]: /windows/security/identity-protection/credential-guard/credential-guard +[WIN-2]: /windows/security/information-protection/bitlocker/bitlocker-overview +[WIN-3]: /windows/security/information-protection/personal-data-encryption/overview-pde +[WIN-4]: /windows/client-management/mdm/policy-csp-experience +[WIN-5]: /windows/deployment/windows-10-subscription-activation +[WIN-6]: /windows/deployment/windows-autopatch +[WIN-7]: /windows/deployment/update/deployment-service-overview +[WIN-8]: /windows/deployment/do/waas-microsoft-connected-cache +[WIN-9]: /windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions +[WIN-10]: /windows/whats-new/ltsc/ +[WINS-1]: /windows-server/remote/remote-access/directaccess/directaccess +[WINS-2]: /windows-server/remote/remote-access/vpn/always-on-vpn/ From 1bdd74ccc0f54c6dbd765ceaea3c0b29152758c9 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 11:02:24 -0400 Subject: [PATCH 091/258] updates --- .../identity-protection/remote-credential-guard.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index b0e29cd0e4..c492d78079 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -20,9 +20,7 @@ Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device. > [!IMPORTANT] -> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article. - - +> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#remote-desktop-connections-and-helpdesk-support-scenarios) in this article. ## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options @@ -126,10 +124,10 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C > [!NOTE] > Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server. - > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard. + > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard. - - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic. - - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic. + - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#remote-credential-guard-requirements) listed earlier in this topic. + - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-windows-defender-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic. 1. Click **OK** 1. Close the Group Policy Management Console From 4c12435368ca5875d6c8e296019f5484afecab50 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 14:51:07 -0400 Subject: [PATCH 092/258] update intro articles --- .../licensing/36-months-support-period.md | 22 +++ includes/licensing/_edition-requirements.md | 19 ++- includes/licensing/_licensing-requirements.md | 157 ++++++++++-------- .../licensing/access-control-aclsscals.md | 4 +- includes/licensing/account-lockout-policy.md | 4 +- .../licensing/always-on-vpn-device-tunnel.md | 4 +- includes/licensing/applocker.md | 22 +++ .../licensing/assigned-access-kiosk-mode.md | 4 +- .../licensing/attack-surface-reduction-asr.md | 4 +- ...d-azure-ad-join-with-single-sign-on-sso.md | 4 +- includes/licensing/bitlocker.md | 4 +- ...tooth-pairing-and-connection-protection.md | 4 +- .../common-criteria-certifications.md | 4 +- .../licensing/controlled-folder-access.md | 4 +- .../device-health-attestation-service.md | 4 +- ...pdate-compatibility-reports-with-intune.md | 22 +++ includes/licensing/direct-access.md | 4 +- includes/licensing/email-encryption-smime.md | 4 +- includes/licensing/encrypted-hard-drive.md | 4 +- includes/licensing/endpoint-analytics.md | 22 +++ ...ed-phishing-protection-with-smartscreen.md | 4 +- includes/licensing/exploit-protection.md | 4 +- ...fast-identity-online-fido2-security-key.md | 4 +- ...processing-standard-fips-140-validation.md | 4 +- includes/licensing/federated-sign-in.md | 6 +- .../hardware-enforced-stack-protection.md | 4 +- ...ypervisor-protected-code-integrity-hvci.md | 4 +- ...nel-direct-memory-access-dma-protection.md | 4 +- ...local-security-authority-lsa-protection.md | 4 +- ...-device-management-mdm-and-group-policy.md | 4 +- includes/licensing/measured-boot.md | 4 +- .../microsoft-connected-cache-mcc.md | 22 +++ .../licensing/microsoft-defender-antivirus.md | 4 +- ...pplication-guard-mdag-configure-via-mdm.md | 4 +- ...terprise-mode-and-enterprise-management.md | 4 +- ...ion-guard-mdag-for-edge-standalone-mode.md | 4 +- ...ication-guard-mdag-for-microsoft-office.md | 4 +- ...nder-application-guard-mdag-public-apis.md | 4 +- .../microsoft-defender-for-endpoint.md | 4 +- .../microsoft-defender-smartscreen.md | 4 +- ...icrosoft-desktop-optimization-pack-mdop.md | 22 +++ .../microsoft-pluton-security-processor.md | 4 +- .../microsoft-vulnerable-driver-blocklist.md | 4 +- .../opportunistic-wireless-encryption-owe.md | 4 +- .../organizational-messages-with-intune.md | 22 +++ .../licensing/personal-data-encryption-pde.md | 4 +- includes/licensing/privacy-resource-usage.md | 4 +- .../privacy-transparency-and-controls.md | 4 +- includes/licensing/remote-wipe.md | 4 +- .../licensing/secure-boot-and-trusted-boot.md | 4 +- .../secured-core-configuration-lock.md | 4 +- includes/licensing/secured-core-pc.md | 4 +- includes/licensing/security-baselines.md | 4 +- .../server-message-block-direct-smb-direct.md | 4 +- .../server-message-block-smb-file-service.md | 4 +- includes/licensing/smart-app-control.md | 4 +- .../smart-cards-for-windows-service.md | 4 +- includes/licensing/start-menu-and-taskbar.md | 22 +++ .../tamper-protection-settings-for-mde.md | 4 +- .../licensing/transport-layer-security-tls.md | 4 +- .../trusted-platform-module-tpm-20.md | 4 +- includes/licensing/universal-print.md | 4 +- .../licensing/user-account-control-uac.md | 4 +- .../licensing/virtual-private-network-vpn.md | 4 +- .../virtualization-based-security-vbs.md | 4 +- .../virtualization-rights-vda-avd-and-w365.md | 22 +++ includes/licensing/wifi-security.md | 4 +- includes/licensing/windows-autopatch.md | 4 +- includes/licensing/windows-autopilot.md | 4 +- includes/licensing/windows-containers.md | 4 +- ...ndows-defender-application-control-wdac.md | 4 +- .../windows-defender-credential-guard.md | 4 +- ...indows-defender-remote-credential-guard.md | 4 +- .../windows-defender-system-guard.md | 4 +- ...eature-and-expedite-updates-with-intune.md | 22 +++ includes/licensing/windows-firewall.md | 4 +- ...-business-enhanced-security-sign-in-ess.md | 4 +- .../licensing/windows-hello-for-business.md | 4 +- includes/licensing/windows-laps.md | 4 +- .../licensing/windows-presence-sensing.md | 4 +- includes/licensing/windows-sandbox.md | 4 +- ...s-security-policy-settings-and-auditing.md | 4 +- .../windows-subscription-activation.md | 22 +++ ...-update-for-business-deployment-service.md | 22 +++ .../licensing/windows-update-for-business.md | 22 +++ windows/security/TOC.yml | 4 +- windows/security/introduction/index.md | 41 +++-- .../security-features-edition-requirements.md | 15 +- ...ecurity-features-licensing-requirements.md | 14 +- 89 files changed, 570 insertions(+), 248 deletions(-) create mode 100644 includes/licensing/36-months-support-period.md create mode 100644 includes/licensing/applocker.md create mode 100644 includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md create mode 100644 includes/licensing/endpoint-analytics.md create mode 100644 includes/licensing/microsoft-connected-cache-mcc.md create mode 100644 includes/licensing/microsoft-desktop-optimization-pack-mdop.md create mode 100644 includes/licensing/organizational-messages-with-intune.md create mode 100644 includes/licensing/start-menu-and-taskbar.md create mode 100644 includes/licensing/virtualization-rights-vda-avd-and-w365.md create mode 100644 includes/licensing/windows-feature-and-expedite-updates-with-intune.md create mode 100644 includes/licensing/windows-subscription-activation.md create mode 100644 includes/licensing/windows-update-for-business-deployment-service.md create mode 100644 includes/licensing/windows-update-for-business.md diff --git a/includes/licensing/36-months-support-period.md b/includes/licensing/36-months-support-period.md new file mode 100644 index 0000000000..4208a1cc6c --- /dev/null +++ b/includes/licensing/36-months-support-period.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support 36 months support period: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|No|Yes|No|Yes| + +36 months support period license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index ba1ba8a093..2471a1b7f5 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -1,17 +1,17 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- -The following table lists the security features that are available in Windows, and the Windows editions that support them: - | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education | |:---|:---:|:---:|:---:|:---:| +|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**|❌|Yes|❌|Yes| |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes| |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| @@ -20,9 +20,11 @@ The following table lists the security features that are available in Windows, a |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| +|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|Yes|Yes| |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes| |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| +|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes| |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| @@ -32,8 +34,9 @@ The following table lists the security features that are available in Windows, a |**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes| |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes| |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes| -|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes| +|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes| |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| +|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**|❌|❌|❌|❌| |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes| @@ -42,9 +45,11 @@ The following table lists the security features that are available in Windows, a |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**|Yes|Yes|Yes|Yes| |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| +|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|❌|Yes| |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| |**Privacy Resource Usage**|Yes|Yes|Yes|Yes| |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| @@ -57,12 +62,14 @@ The following table lists the security features that are available in Windows, a |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes| +|**Start menu and taskbar**|Yes|Yes|Yes|Yes| |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes| |**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes| |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| +|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**|❌|Yes|❌|Yes| |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| @@ -72,6 +79,7 @@ The following table lists the security features that are available in Windows, a |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes| |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes| |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes| +|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes| |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| @@ -79,3 +87,6 @@ The following table lists the security features that are available in Windows, a |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes| |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| +|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|Yes|Yes| +|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes| +|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index afa913f660..6035077e87 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -1,81 +1,92 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- -The following table lists the security features that are available in Windows, and the licensing requirements to use them: - |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---|:---:|:---:|:---:|:---:|:---:| -|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| -|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| -|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| -|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes| -|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes| -|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| -|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| -|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| -|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes| -|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| -|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| -|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes| -|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| -|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes| -|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| +|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**||Yes|Yes|Yes|Yes| +|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**||Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**||Yes|Yes|Yes|Yes| +|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**||Yes|Yes|Yes|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**||Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**||Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**||Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**||Yes|Yes|Yes|Yes| +|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**||Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**||Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**||Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**||Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**||Yes|Yes|Yes|Yes| +|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**||Yes|Yes|Yes|Yes| +|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**||Yes|Yes|Yes|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**||Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**||Yes|Yes|Yes|Yes| +|**[Endpoint Analytics](/mem/analytics/overview)**||Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**||Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**||Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**||Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**||Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**||❌|❌|Yes|Yes| +|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**||Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**||Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**||Yes|Yes|Yes|Yes| +|**Local Security Authority (LSA) Protection**||Yes|Yes|Yes|Yes| +|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**||Yes|Yes|Yes|Yes| +|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**||❌|❌|❌|❌| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**||Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**||Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**||Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**||Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**||❌|❌|❌|❌| +|**Microsoft Defender Application Guard (MDAG) public APIs**||Yes|Yes|Yes|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**||❌|Yes|❌|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**||Yes|Yes|Yes|Yes| +|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**||Yes|Yes|Yes|Yes| +|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**||Yes|Yes|Yes|Yes| +|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**||Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**||Yes|Yes|Yes|Yes| +|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|Yes|Yes|Yes| +|**Privacy Resource Usage**||Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**||Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**||Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**||Yes|Yes|Yes|Yes| +|**[Secured-core configuration lock](/windows/client-management/config-lock)**||Yes|Yes|Yes|Yes| +|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**||Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes| +|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**||Yes|Yes|Yes|Yes| +|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**||Yes|Yes|Yes|Yes| +|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes| +|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**||Yes|Yes|Yes|Yes| +|**Start menu and taskbar**||Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**||Yes|Yes|Yes|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**||Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**||Yes|Yes|Yes|Yes| +|**[Universal Print](/universal-print/)**||Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**||Yes|Yes|Yes|Yes| +|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**||Yes|Yes|Yes|Yes| +|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**||Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**||Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**||Yes|Yes|Yes|Yes| +|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**||Yes|Yes|❌|❌| +|**[Windows Autopilot](/windows/deployment/windows-autopilot)**||Yes|Yes|Yes|Yes| +|**[Windows containers](/virtualization/windowscontainers/about/)**||Yes|Yes|Yes|Yes| +|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes| +|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**||Yes|Yes|Yes|Yes| +|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**||Yes|Yes|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**||Yes|Yes|Yes|Yes| +|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**||Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**||Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**||Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**||Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**||Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**||Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**||Yes|Yes|Yes|Yes| +|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**||Yes|Yes|Yes|Yes| +|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**||Yes|Yes|Yes|Yes| +|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**||Yes|Yes|Yes|Yes| +|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**||Yes|Yes|Yes|Yes| diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md index fee9b83dd3..f339bd84c4 100644 --- a/includes/licensing/access-control-aclsscals.md +++ b/includes/licensing/access-control-aclsscals.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md index 31328de6f2..c7bb6241a7 100644 --- a/includes/licensing/account-lockout-policy.md +++ b/includes/licensing/account-lockout-policy.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Account Lockout Policy license entitlements are granted by the following license |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md index 5b43ce08c3..a379e7ad79 100644 --- a/includes/licensing/always-on-vpn-device-tunnel.md +++ b/includes/licensing/always-on-vpn-device-tunnel.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Always On VPN (device tunnel) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md new file mode 100644 index 0000000000..69bd446158 --- /dev/null +++ b/includes/licensing/applocker.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support AppLocker: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +AppLocker license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md index bfc00c4cc6..aba7ff37fe 100644 --- a/includes/licensing/assigned-access-kiosk-mode.md +++ b/includes/licensing/assigned-access-kiosk-mode.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md index e2c046e4dd..f3213322c4 100644 --- a/includes/licensing/attack-surface-reduction-asr.md +++ b/includes/licensing/attack-surface-reduction-asr.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Attack surface reduction (ASR) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md index 87edf7eca7..f2d9aa6ebf 100644 --- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md +++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md index 38e2b82e71..cc4b2e43bf 100644 --- a/includes/licensing/bitlocker.md +++ b/includes/licensing/bitlocker.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ BitLocker license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md index 616dd12ead..34d7ec09fb 100644 --- a/includes/licensing/bluetooth-pairing-and-connection-protection.md +++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Bluetooth pairing and connection protection license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md index 53c559c7d6..024213280f 100644 --- a/includes/licensing/common-criteria-certifications.md +++ b/includes/licensing/common-criteria-certifications.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Common Criteria certifications license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md index 936de372ba..8897700279 100644 --- a/includes/licensing/controlled-folder-access.md +++ b/includes/licensing/controlled-folder-access.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Controlled folder access license entitlements are granted by the following licen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md index cf90b200ad..4eeedc00df 100644 --- a/includes/licensing/device-health-attestation-service.md +++ b/includes/licensing/device-health-attestation-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Device health attestation service license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md new file mode 100644 index 0000000000..83dad5c4f9 --- /dev/null +++ b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Device readiness and update compatibility reports with Intune: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Device readiness and update compatibility reports with Intune license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md index d51c6033ed..bd55346388 100644 --- a/includes/licensing/direct-access.md +++ b/includes/licensing/direct-access.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Direct Access license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md index 14711602db..dc22baf095 100644 --- a/includes/licensing/email-encryption-smime.md +++ b/includes/licensing/email-encryption-smime.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md index f88b491816..c9860962a4 100644 --- a/includes/licensing/encrypted-hard-drive.md +++ b/includes/licensing/encrypted-hard-drive.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Encrypted hard drive license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md new file mode 100644 index 0000000000..497d3030d9 --- /dev/null +++ b/includes/licensing/endpoint-analytics.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Endpoint Analytics: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Endpoint Analytics license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md index a06a3d4d8a..90585b908b 100644 --- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md +++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md index b5ace06b04..194f986b4f 100644 --- a/includes/licensing/exploit-protection.md +++ b/includes/licensing/exploit-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Exploit protection license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md index 6376058af8..5a3e06df91 100644 --- a/includes/licensing/fast-identity-online-fido2-security-key.md +++ b/includes/licensing/fast-identity-online-fido2-security-key.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md index cba61d9588..40e47fb3c8 100644 --- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md +++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index 7fbe9537a2..7ee5966b53 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in: Federated sign-in license entitlements are granted by the following licenses: -|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|No|No|Yes|Yes| +||No|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md index 289501a6a5..a51f0a3c14 100644 --- a/includes/licensing/hardware-enforced-stack-protection.md +++ b/includes/licensing/hardware-enforced-stack-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Hardware-enforced stack protection license entitlements are granted by the follo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md index ba0cf1484b..1026304f72 100644 --- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md +++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md index a171311457..e274721eba 100644 --- a/includes/licensing/kernel-direct-memory-access-dma-protection.md +++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md index ac5cd05741..52bc417812 100644 --- a/includes/licensing/local-security-authority-lsa-protection.md +++ b/includes/licensing/local-security-authority-lsa-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Local Security Authority (LSA) Protection license entitlements are granted by th |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md index b852cf0a2a..39e45deb89 100644 --- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md +++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md index 95c9ef12a9..b52c825259 100644 --- a/includes/licensing/measured-boot.md +++ b/includes/licensing/measured-boot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Measured boot license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-connected-cache-mcc.md b/includes/licensing/microsoft-connected-cache-mcc.md new file mode 100644 index 0000000000..d45efe86e0 --- /dev/null +++ b/includes/licensing/microsoft-connected-cache-mcc.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Microsoft Connected Cache (MCC): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|No|No|No|No| + +Microsoft Connected Cache (MCC) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||No|No|No|No| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md index 8fc1f42bb6..39b0dec8a8 100644 --- a/includes/licensing/microsoft-defender-antivirus.md +++ b/includes/licensing/microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Antivirus license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md index fb9dae35ef..950ee7e5c7 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md index 0090aef8d1..ff3b4081cf 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md index a87ab98c51..ec4f9aa4cb 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md index 8b646454f9..7fd3537173 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|No|No|No|No| +||No|No|No|No| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md index 61f06b5748..83dfb73504 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md index a730169279..aa22c56bbe 100644 --- a/includes/licensing/microsoft-defender-for-endpoint.md +++ b/includes/licensing/microsoft-defender-for-endpoint.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|No|Yes|No|Yes| +||No|Yes|No|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md index 1f1233e529..8e39f1f189 100644 --- a/includes/licensing/microsoft-defender-smartscreen.md +++ b/includes/licensing/microsoft-defender-smartscreen.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Defender SmartScreen license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md new file mode 100644 index 0000000000..13f935839a --- /dev/null +++ b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Microsoft Desktop Optimization Pack (MDOP): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Microsoft Desktop Optimization Pack (MDOP) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md index fef0a04f28..0ca863f6f4 100644 --- a/includes/licensing/microsoft-pluton-security-processor.md +++ b/includes/licensing/microsoft-pluton-security-processor.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Pluton security processor license entitlements are granted by the foll |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md index 2e0d09d51c..0d12fd38dc 100644 --- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md +++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md index c2db27f073..b75f017ad3 100644 --- a/includes/licensing/opportunistic-wireless-encryption-owe.md +++ b/includes/licensing/opportunistic-wireless-encryption-owe.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/organizational-messages-with-intune.md b/includes/licensing/organizational-messages-with-intune.md new file mode 100644 index 0000000000..b1883a1e1f --- /dev/null +++ b/includes/licensing/organizational-messages-with-intune.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Organizational messages with Intune: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|No|Yes|No|Yes| + +Organizational messages with Intune license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md index e55327fa5a..c4c97923df 100644 --- a/includes/licensing/personal-data-encryption-pde.md +++ b/includes/licensing/personal-data-encryption-pde.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Personal data encryption (PDE) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md index 2726b9940a..a80a71ce3a 100644 --- a/includes/licensing/privacy-resource-usage.md +++ b/includes/licensing/privacy-resource-usage.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Privacy Resource Usage license entitlements are granted by the following license |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md index 45c5829016..621683c547 100644 --- a/includes/licensing/privacy-transparency-and-controls.md +++ b/includes/licensing/privacy-transparency-and-controls.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Privacy Transparency and Controls license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md index f9f9cb9973..7bc335c922 100644 --- a/includes/licensing/remote-wipe.md +++ b/includes/licensing/remote-wipe.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Remote wipe license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md index eb8e3f243b..74d7936d3b 100644 --- a/includes/licensing/secure-boot-and-trusted-boot.md +++ b/includes/licensing/secure-boot-and-trusted-boot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md index 4fca24c0c8..642cd73671 100644 --- a/includes/licensing/secured-core-configuration-lock.md +++ b/includes/licensing/secured-core-configuration-lock.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Secured-core configuration lock license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md index 4b939c510e..4845670fc5 100644 --- a/includes/licensing/secured-core-pc.md +++ b/includes/licensing/secured-core-pc.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Secured-core PC license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md index eece64a0d4..9facaa08ac 100644 --- a/includes/licensing/security-baselines.md +++ b/includes/licensing/security-baselines.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Security baselines license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md index 08fcde873f..47d6f0d881 100644 --- a/includes/licensing/server-message-block-direct-smb-direct.md +++ b/includes/licensing/server-message-block-direct-smb-direct.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md index badab98137..762477d727 100644 --- a/includes/licensing/server-message-block-smb-file-service.md +++ b/includes/licensing/server-message-block-smb-file-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Server Message Block (SMB) file service license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md index 92cf1df0fb..7dcc3b0b32 100644 --- a/includes/licensing/smart-app-control.md +++ b/includes/licensing/smart-app-control.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Smart App Control license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md index e3631ecafc..29be818b02 100644 --- a/includes/licensing/smart-cards-for-windows-service.md +++ b/includes/licensing/smart-cards-for-windows-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Smart Cards for Windows Service license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/start-menu-and-taskbar.md b/includes/licensing/start-menu-and-taskbar.md new file mode 100644 index 0000000000..147c942553 --- /dev/null +++ b/includes/licensing/start-menu-and-taskbar.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Start menu and taskbar: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Start menu and taskbar license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md index 4a347eb0ad..b4c744071b 100644 --- a/includes/licensing/tamper-protection-settings-for-mde.md +++ b/includes/licensing/tamper-protection-settings-for-mde.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Tamper protection settings for MDE license entitlements are granted by the follo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md index 0827acbdda..8cfd78e987 100644 --- a/includes/licensing/transport-layer-security-tls.md +++ b/includes/licensing/transport-layer-security-tls.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Transport layer security (TLS) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md index 507e3a42d3..37892f588b 100644 --- a/includes/licensing/trusted-platform-module-tpm-20.md +++ b/includes/licensing/trusted-platform-module-tpm-20.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md index 42112d1a59..1e2f1f7384 100644 --- a/includes/licensing/universal-print.md +++ b/includes/licensing/universal-print.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Universal Print license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md index 152ee532fe..54bd71e9bd 100644 --- a/includes/licensing/user-account-control-uac.md +++ b/includes/licensing/user-account-control-uac.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ User Account Control (UAC) license entitlements are granted by the following lic |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md index 0749a1c128..644adf2b91 100644 --- a/includes/licensing/virtual-private-network-vpn.md +++ b/includes/licensing/virtual-private-network-vpn.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Virtual Private Network (VPN) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md index 65478e19ff..8b0d6a2a01 100644 --- a/includes/licensing/virtualization-based-security-vbs.md +++ b/includes/licensing/virtualization-based-security-vbs.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Virtualization-based security (VBS) license entitlements are granted by the foll |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtualization-rights-vda-avd-and-w365.md b/includes/licensing/virtualization-rights-vda-avd-and-w365.md new file mode 100644 index 0000000000..8c77bfd575 --- /dev/null +++ b/includes/licensing/virtualization-rights-vda-avd-and-w365.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Virtualization rights (VDA, AVD and W365): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|No|Yes|No|Yes| + +Virtualization rights (VDA, AVD and W365) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md index b48b88988a..19a752b6b6 100644 --- a/includes/licensing/wifi-security.md +++ b/includes/licensing/wifi-security.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ WiFi Security license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md index 40aa73aa2e..ebcfd239a8 100644 --- a/includes/licensing/windows-autopatch.md +++ b/includes/licensing/windows-autopatch.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Autopatch license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|No|No| +||Yes|Yes|No|No| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md index e0817f4ba8..da890b8533 100644 --- a/includes/licensing/windows-autopilot.md +++ b/includes/licensing/windows-autopilot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Autopilot license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md index bcf079d6d5..e0e32758d0 100644 --- a/includes/licensing/windows-containers.md +++ b/includes/licensing/windows-containers.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows containers license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md index b773a00934..d86996d2bc 100644 --- a/includes/licensing/windows-defender-application-control-wdac.md +++ b/includes/licensing/windows-defender-application-control-wdac.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Defender Application Control (WDAC) license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md index 5acd060ced..e2af27fbf1 100644 --- a/includes/licensing/windows-defender-credential-guard.md +++ b/includes/licensing/windows-defender-credential-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Defender Credential Guard license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md index afdb6dbff1..e9753d8390 100644 --- a/includes/licensing/windows-defender-remote-credential-guard.md +++ b/includes/licensing/windows-defender-remote-credential-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Defender Remote Credential Guard license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md index c57688c93f..bce6a705d1 100644 --- a/includes/licensing/windows-defender-system-guard.md +++ b/includes/licensing/windows-defender-system-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Defender System Guard license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md new file mode 100644 index 0000000000..1eea90833f --- /dev/null +++ b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Windows feature and expedite updates with Intune: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Windows feature and expedite updates with Intune license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md index 4527a2042d..e806dc33b2 100644 --- a/includes/licensing/windows-firewall.md +++ b/includes/licensing/windows-firewall.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Firewall license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md index 76395b418b..344372a9d1 100644 --- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md +++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md index 7f8dafb43e..ca1a459066 100644 --- a/includes/licensing/windows-hello-for-business.md +++ b/includes/licensing/windows-hello-for-business.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Hello for Business license entitlements are granted by the following lic |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md index 2bc6001b15..df4788787b 100644 --- a/includes/licensing/windows-laps.md +++ b/includes/licensing/windows-laps.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows LAPS license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md index 7f941aa6ff..03a854f909 100644 --- a/includes/licensing/windows-presence-sensing.md +++ b/includes/licensing/windows-presence-sensing.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows presence sensing license entitlements are granted by the following licen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md index bf4a39123f..2551168b7e 100644 --- a/includes/licensing/windows-sandbox.md +++ b/includes/licensing/windows-sandbox.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Sandbox license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md index 7582a2d315..762f1fb6c2 100644 --- a/includes/licensing/windows-security-policy-settings-and-auditing.md +++ b/includes/licensing/windows-security-policy-settings-and-auditing.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/02/2023 +ms.date: 05/04/2023 ms.topic: include --- @@ -17,6 +17,6 @@ Windows Security policy settings and auditing license entitlements are granted b |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| +||Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-subscription-activation.md b/includes/licensing/windows-subscription-activation.md new file mode 100644 index 0000000000..3b049618a9 --- /dev/null +++ b/includes/licensing/windows-subscription-activation.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Windows subscription activation: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Windows subscription activation license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-update-for-business-deployment-service.md b/includes/licensing/windows-update-for-business-deployment-service.md new file mode 100644 index 0000000000..1a7d673606 --- /dev/null +++ b/includes/licensing/windows-update-for-business-deployment-service.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Windows Update for Business deployment service: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Windows Update for Business deployment service license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md new file mode 100644 index 0000000000..9f1b4ad742 --- /dev/null +++ b/includes/licensing/windows-update-for-business.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 05/04/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Windows Update for Business: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Windows Update for Business license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +||Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index fb69d549ce..7803cbdd73 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -8,9 +8,9 @@ href: zero-trust-windows-device-health.md - name: Windows security overview href: introduction/index.md - - name: Security features edition requirements + - name: Security features and edition requirements href: introduction/security-features-edition-requirements.md - - name: Security features licensing requirements + - name: Security features and licensing requirements href: introduction/security-features-licensing-requirements.md - name: Hardware security href: hardware-security/toc.yml diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md index 913a477cf1..5ce4587626 100644 --- a/windows/security/introduction/index.md +++ b/windows/security/introduction/index.md @@ -11,47 +11,46 @@ appliesto: # Introduction to Windows security -The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices. +The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks. + +Organizations worldwide are adopting a **zero-trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on zero-trust principles to enable hybrid productivity and new experiences anywhere without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud. ## How Windows 11 enables zero-trust protection A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles: 1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception -2. When verified, give people and devices access to only necessary resources for the necessary amount of time -3. Use continuous analytics to drive threat detection and improve defenses +1. When verified, give people and devices access to only necessary resources for the necessary amount of time +1. Use continuous analytics to drive threat detection and improve defenses -You should continue to strengthen your zero-trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility. +For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with features like Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Intune and Azure Active Directory, which enable timely and seamless access decisions. Furthermore, IT administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more. -For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. +## Overview of Windows 11 security priorities -Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy. +### Security, by default -## Security, by default +Windows 11 is a natural evolution of its predecessor, Windows 10. We have collaborated with our manufacturer and silicon partners to incorporate additional hardware security measures that address the increasingly complex security threats of today. These measures not only enable the hybrid work and learning that many organizations now embrace but also help bolster our already strong foundation and resilience against attacks. -Nearly 90% of security decision makers surveyed say outdated hardware leaves organizations more open to attacks and using modern hardware would help protect against future threats. Building on the innovations of Windows 10, we've worked with our manufacturer and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 supports new ways of working with a foundation that is even stronger and more resilient to attacks. - -## Enhanced hardware and operating system security +### Enhanced hardware and operating system security With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering. -In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits. [\[1\]](#note1) +In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits. -## Robust application security and privacy controls +### Robust application security and privacy controls To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. -In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) [\[2\]](#note2) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone. +In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone. -## Secured identities +### Secured identities -Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. And with Windows Hello, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. [\[3\]](#note3) +Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. With Windows Hello for Business, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports FIDO2 security keys for passwordless authentication. -## Connecting to cloud services +### Connecting to cloud services -Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows 11 devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Endpoint Manager, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud. [\[4\]](#note4) +Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Intune, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud. -[1] Hypervisor-protected coder integrity, which activates virtualization-based security, is enabled by default on clean installations only.\ -[2] Windows 10 Pro and above support Application Guard protection for Microsoft Edge. Microsoft Defender Application Guard for Office requires Windows 10 Enterprise, and Microsoft 365 E5 or Microsoft 365 E5 Security.\ -[3] Windows Hello supports multi-factor authentication including facial recognition, fingerprint, and PIN. Requires specialized hardware such as fingerprint reader, illuminated IT sensor or other biometric sensors and capable devices.\ -[4] Microsoft Endpoint Manager and Microsoft Azure Active Directory subscriptions sold separately.\ +## Next steps + +To learn more about the security features included in Windows 11, download the [Windows 11 Security Book: Powerful security from chip to cloud](https://aka.ms/Windows11SecurityBook). diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md index 78f752d813..06c6a401ba 100644 --- a/windows/security/introduction/security-features-edition-requirements.md +++ b/windows/security/introduction/security-features-edition-requirements.md @@ -1,5 +1,5 @@ --- -title: Windows edition requirements +title: Windows security features and edition requirements description: Learn about Windows edition requirements for the feature included in Windows. ms.prod: windows-client author: paolomatarazzo @@ -8,12 +8,19 @@ manager: aaroncz ms.collection: - tier3 ms.topic: conceptual -ms.date: 04/03/2023 +ms.date: 05/04/2023 appliesto: - ✅ Windows 11 ms.technology: itpro-security --- -# Security features Windows edition requirements +# Windows security features and edition requirements -[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] \ No newline at end of file +This article lists the security features that are available in Windows, and the Windows editions that support them. + +> [!NOTE] +> The **Windows edition requirements** listed in the following table may be different from the **licensing requirements**. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md). + +[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] + +For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md). diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md index d75b32a689..59a037f15c 100644 --- a/windows/security/introduction/security-features-licensing-requirements.md +++ b/windows/security/introduction/security-features-licensing-requirements.md @@ -1,5 +1,5 @@ --- -title: Windows security licensing requirements +title: Windows security features and licensing requirements description: Learn about Windows features and licensing requirements for the feature included in Windows. ms.prod: windows-client author: paolomatarazzo @@ -14,6 +14,14 @@ appliesto: ms.technology: itpro-security --- -# Windows security licensing requirements +# Windows security features and licensing requirements -[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] \ No newline at end of file + +This article lists the security features that are available in Windows, and the licensing requirements to use them. + +> [!NOTE] +> The **licensing requirements** listed in the following table may be different from the **Windows edition requirements**. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md). + +[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] + +For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md). From 16385a77e99fbb18ac406a2dd5fff07bd24d5c76 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 14:57:37 -0400 Subject: [PATCH 093/258] link update --- .../introduction/security-features-edition-requirements.md | 2 +- .../introduction/security-features-licensing-requirements.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md index 06c6a401ba..45b71f66b6 100644 --- a/windows/security/introduction/security-features-edition-requirements.md +++ b/windows/security/introduction/security-features-edition-requirements.md @@ -23,4 +23,4 @@ This article lists the security features that are available in Windows, and the [!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] -For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md). +For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md). diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md index 59a037f15c..be59b0a473 100644 --- a/windows/security/introduction/security-features-licensing-requirements.md +++ b/windows/security/introduction/security-features-licensing-requirements.md @@ -24,4 +24,4 @@ This article lists the security features that are available in Windows, and the [!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] -For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md). +For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md). From 3dd1b8cab340881fb73548d0379d701485e9e4c7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 15:18:06 -0400 Subject: [PATCH 094/258] refreshed include files --- .../licensing/36-months-support-period.md | 22 --- includes/licensing/_edition-requirements.md | 13 -- includes/licensing/_licensing-requirements.md | 153 ++++++++---------- .../licensing/access-control-aclsscals.md | 2 +- includes/licensing/account-lockout-policy.md | 2 +- .../licensing/always-on-vpn-device-tunnel.md | 2 +- includes/licensing/applocker.md | 22 --- .../licensing/assigned-access-kiosk-mode.md | 2 +- .../licensing/attack-surface-reduction-asr.md | 2 +- ...d-azure-ad-join-with-single-sign-on-sso.md | 2 +- includes/licensing/bitlocker.md | 2 +- ...tooth-pairing-and-connection-protection.md | 2 +- .../common-criteria-certifications.md | 2 +- .../licensing/controlled-folder-access.md | 2 +- .../device-health-attestation-service.md | 2 +- ...pdate-compatibility-reports-with-intune.md | 22 --- includes/licensing/direct-access.md | 2 +- includes/licensing/email-encryption-smime.md | 2 +- includes/licensing/encrypted-hard-drive.md | 2 +- includes/licensing/endpoint-analytics.md | 22 --- ...ed-phishing-protection-with-smartscreen.md | 2 +- includes/licensing/exploit-protection.md | 2 +- ...fast-identity-online-fido2-security-key.md | 2 +- ...processing-standard-fips-140-validation.md | 2 +- includes/licensing/federated-sign-in.md | 2 +- .../hardware-enforced-stack-protection.md | 2 +- ...ypervisor-protected-code-integrity-hvci.md | 2 +- ...nel-direct-memory-access-dma-protection.md | 2 +- ...local-security-authority-lsa-protection.md | 2 +- ...-device-management-mdm-and-group-policy.md | 2 +- includes/licensing/measured-boot.md | 2 +- .../microsoft-connected-cache-mcc.md | 22 --- .../licensing/microsoft-defender-antivirus.md | 2 +- ...pplication-guard-mdag-configure-via-mdm.md | 2 +- ...terprise-mode-and-enterprise-management.md | 2 +- ...ion-guard-mdag-for-edge-standalone-mode.md | 2 +- ...ication-guard-mdag-for-microsoft-office.md | 2 +- ...nder-application-guard-mdag-public-apis.md | 2 +- .../microsoft-defender-for-endpoint.md | 2 +- .../microsoft-defender-smartscreen.md | 2 +- ...icrosoft-desktop-optimization-pack-mdop.md | 22 --- .../microsoft-pluton-security-processor.md | 2 +- .../microsoft-vulnerable-driver-blocklist.md | 2 +- .../opportunistic-wireless-encryption-owe.md | 2 +- .../organizational-messages-with-intune.md | 22 --- .../licensing/personal-data-encryption-pde.md | 2 +- includes/licensing/privacy-resource-usage.md | 2 +- .../privacy-transparency-and-controls.md | 2 +- includes/licensing/remote-wipe.md | 2 +- .../licensing/secure-boot-and-trusted-boot.md | 2 +- .../secured-core-configuration-lock.md | 2 +- includes/licensing/secured-core-pc.md | 2 +- includes/licensing/security-baselines.md | 2 +- .../server-message-block-direct-smb-direct.md | 2 +- .../server-message-block-smb-file-service.md | 2 +- includes/licensing/smart-app-control.md | 2 +- .../smart-cards-for-windows-service.md | 2 +- includes/licensing/start-menu-and-taskbar.md | 22 --- .../tamper-protection-settings-for-mde.md | 2 +- .../licensing/transport-layer-security-tls.md | 2 +- .../trusted-platform-module-tpm-20.md | 2 +- includes/licensing/universal-print.md | 2 +- .../licensing/user-account-control-uac.md | 2 +- .../licensing/virtual-private-network-vpn.md | 2 +- .../virtualization-based-security-vbs.md | 2 +- .../virtualization-rights-vda-avd-and-w365.md | 22 --- includes/licensing/wifi-security.md | 2 +- includes/licensing/windows-autopatch.md | 2 +- includes/licensing/windows-autopilot.md | 2 +- includes/licensing/windows-containers.md | 2 +- ...ndows-defender-application-control-wdac.md | 2 +- .../windows-defender-credential-guard.md | 2 +- ...indows-defender-remote-credential-guard.md | 2 +- .../windows-defender-system-guard.md | 2 +- ...eature-and-expedite-updates-with-intune.md | 22 --- includes/licensing/windows-firewall.md | 2 +- ...-business-enhanced-security-sign-in-ess.md | 2 +- .../licensing/windows-hello-for-business.md | 2 +- includes/licensing/windows-laps.md | 2 +- .../licensing/windows-presence-sensing.md | 2 +- includes/licensing/windows-sandbox.md | 2 +- ...s-security-policy-settings-and-auditing.md | 2 +- .../windows-subscription-activation.md | 22 --- ...-update-for-business-deployment-service.md | 22 --- .../licensing/windows-update-for-business.md | 22 --- 85 files changed, 140 insertions(+), 452 deletions(-) delete mode 100644 includes/licensing/36-months-support-period.md delete mode 100644 includes/licensing/applocker.md delete mode 100644 includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md delete mode 100644 includes/licensing/endpoint-analytics.md delete mode 100644 includes/licensing/microsoft-connected-cache-mcc.md delete mode 100644 includes/licensing/microsoft-desktop-optimization-pack-mdop.md delete mode 100644 includes/licensing/organizational-messages-with-intune.md delete mode 100644 includes/licensing/start-menu-and-taskbar.md delete mode 100644 includes/licensing/virtualization-rights-vda-avd-and-w365.md delete mode 100644 includes/licensing/windows-feature-and-expedite-updates-with-intune.md delete mode 100644 includes/licensing/windows-subscription-activation.md delete mode 100644 includes/licensing/windows-update-for-business-deployment-service.md delete mode 100644 includes/licensing/windows-update-for-business.md diff --git a/includes/licensing/36-months-support-period.md b/includes/licensing/36-months-support-period.md deleted file mode 100644 index 4208a1cc6c..0000000000 --- a/includes/licensing/36-months-support-period.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support 36 months support period: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|No|Yes|No|Yes| - -36 months support period license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index 2471a1b7f5..207141f3e5 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -7,11 +7,9 @@ ms.topic: include | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education | |:---|:---:|:---:|:---:|:---:| -|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**|❌|Yes|❌|Yes| |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes| -|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes| |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| @@ -20,11 +18,9 @@ ms.topic: include |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| -|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|Yes|Yes| |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes| |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| -|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes| |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| @@ -36,7 +32,6 @@ ms.topic: include |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes| |**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes| |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| -|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**|❌|❌|❌|❌| |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes| @@ -45,11 +40,9 @@ ms.topic: include |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| -|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**|Yes|Yes|Yes|Yes| |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| -|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|❌|Yes| |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| |**Privacy Resource Usage**|Yes|Yes|Yes|Yes| |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| @@ -62,14 +55,12 @@ ms.topic: include |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes| -|**Start menu and taskbar**|Yes|Yes|Yes|Yes| |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes| |**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes| |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| -|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**|❌|Yes|❌|Yes| |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| @@ -79,7 +70,6 @@ ms.topic: include |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes| |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes| |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes| -|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes| |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| @@ -87,6 +77,3 @@ ms.topic: include |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes| |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| -|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|Yes|Yes| -|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes| -|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index 6035077e87..a27829cbab 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -7,86 +7,73 @@ ms.topic: include |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---|:---:|:---:|:---:|:---:|:---:| -|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**||Yes|Yes|Yes|Yes| -|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**||Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**||Yes|Yes|Yes|Yes| -|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**||Yes|Yes|Yes|Yes| -|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**||Yes|Yes|Yes|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**||Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**||Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**||Yes|Yes|Yes|Yes| -|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**||Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**||Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**||Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**||Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**||Yes|Yes|Yes|Yes| -|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**||Yes|Yes|Yes|Yes| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**||Yes|Yes|Yes|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**||Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**||Yes|Yes|Yes|Yes| -|**[Endpoint Analytics](/mem/analytics/overview)**||Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**||Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**||Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**||Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**||Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**||❌|❌|Yes|Yes| -|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**||Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**||Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**||Yes|Yes|Yes|Yes| -|**Local Security Authority (LSA) Protection**||Yes|Yes|Yes|Yes| -|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**||Yes|Yes|Yes|Yes| -|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**||❌|❌|❌|❌| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**||Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**||Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**||Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**||Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**||❌|❌|❌|❌| -|**Microsoft Defender Application Guard (MDAG) public APIs**||Yes|Yes|Yes|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**||❌|Yes|❌|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**||Yes|Yes|Yes|Yes| -|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**||Yes|Yes|Yes|Yes| -|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**||Yes|Yes|Yes|Yes| -|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**||Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**||Yes|Yes|Yes|Yes| -|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|Yes|Yes|Yes| -|**Privacy Resource Usage**||Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**||Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**||Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**||Yes|Yes|Yes|Yes| -|**[Secured-core configuration lock](/windows/client-management/config-lock)**||Yes|Yes|Yes|Yes| -|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**||Yes|Yes|Yes|Yes| -|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes| -|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**||Yes|Yes|Yes|Yes| -|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**||Yes|Yes|Yes|Yes| -|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes| -|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**||Yes|Yes|Yes|Yes| -|**Start menu and taskbar**||Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**||Yes|Yes|Yes|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**||Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**||Yes|Yes|Yes|Yes| -|**[Universal Print](/universal-print/)**||Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**||Yes|Yes|Yes|Yes| -|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**||Yes|Yes|Yes|Yes| -|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**||Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**||Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**||Yes|Yes|Yes|Yes| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**||Yes|Yes|❌|❌| -|**[Windows Autopilot](/windows/deployment/windows-autopilot)**||Yes|Yes|Yes|Yes| -|**[Windows containers](/virtualization/windowscontainers/about/)**||Yes|Yes|Yes|Yes| -|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**||Yes|Yes|Yes|Yes| -|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**||Yes|Yes|Yes|Yes| -|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**||Yes|Yes|Yes|Yes| -|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**||Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**||Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**||Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**||Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**||Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**||Yes|Yes|Yes|Yes| -|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**||Yes|Yes|Yes|Yes| -|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**||Yes|Yes|Yes|Yes| -|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**||Yes|Yes|Yes|Yes| -|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**||Yes|Yes|Yes|Yes| -|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**||Yes|Yes|Yes|Yes| +|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| +|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| +|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| +|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| +|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes| +|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes| +|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| +|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| +|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes| +|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| +|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes| +|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| +|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| +|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes| +|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md index f339bd84c4..74b2f49090 100644 --- a/includes/licensing/access-control-aclsscals.md +++ b/includes/licensing/access-control-aclsscals.md @@ -17,6 +17,6 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md index c7bb6241a7..f73aa4228c 100644 --- a/includes/licensing/account-lockout-policy.md +++ b/includes/licensing/account-lockout-policy.md @@ -17,6 +17,6 @@ Account Lockout Policy license entitlements are granted by the following license |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md index a379e7ad79..74b2333a3d 100644 --- a/includes/licensing/always-on-vpn-device-tunnel.md +++ b/includes/licensing/always-on-vpn-device-tunnel.md @@ -17,6 +17,6 @@ Always On VPN (device tunnel) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md deleted file mode 100644 index 69bd446158..0000000000 --- a/includes/licensing/applocker.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support AppLocker: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -AppLocker license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md index aba7ff37fe..a2f4b745bb 100644 --- a/includes/licensing/assigned-access-kiosk-mode.md +++ b/includes/licensing/assigned-access-kiosk-mode.md @@ -17,6 +17,6 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md index f3213322c4..666af08c54 100644 --- a/includes/licensing/attack-surface-reduction-asr.md +++ b/includes/licensing/attack-surface-reduction-asr.md @@ -17,6 +17,6 @@ Attack surface reduction (ASR) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md index f2d9aa6ebf..b093cd8faa 100644 --- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md +++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md @@ -17,6 +17,6 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md index cc4b2e43bf..cf1f80b079 100644 --- a/includes/licensing/bitlocker.md +++ b/includes/licensing/bitlocker.md @@ -17,6 +17,6 @@ BitLocker license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md index 34d7ec09fb..494fee6609 100644 --- a/includes/licensing/bluetooth-pairing-and-connection-protection.md +++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md @@ -17,6 +17,6 @@ Bluetooth pairing and connection protection license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md index 024213280f..dbb9d1669a 100644 --- a/includes/licensing/common-criteria-certifications.md +++ b/includes/licensing/common-criteria-certifications.md @@ -17,6 +17,6 @@ Common Criteria certifications license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md index 8897700279..855d0cf28f 100644 --- a/includes/licensing/controlled-folder-access.md +++ b/includes/licensing/controlled-folder-access.md @@ -17,6 +17,6 @@ Controlled folder access license entitlements are granted by the following licen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md index 4eeedc00df..f8fdb1e381 100644 --- a/includes/licensing/device-health-attestation-service.md +++ b/includes/licensing/device-health-attestation-service.md @@ -17,6 +17,6 @@ Device health attestation service license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md deleted file mode 100644 index 83dad5c4f9..0000000000 --- a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Device readiness and update compatibility reports with Intune: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Device readiness and update compatibility reports with Intune license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md index bd55346388..f1b2da9ef5 100644 --- a/includes/licensing/direct-access.md +++ b/includes/licensing/direct-access.md @@ -17,6 +17,6 @@ Direct Access license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md index dc22baf095..07e14851b2 100644 --- a/includes/licensing/email-encryption-smime.md +++ b/includes/licensing/email-encryption-smime.md @@ -17,6 +17,6 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md index c9860962a4..e365c0d71c 100644 --- a/includes/licensing/encrypted-hard-drive.md +++ b/includes/licensing/encrypted-hard-drive.md @@ -17,6 +17,6 @@ Encrypted hard drive license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md deleted file mode 100644 index 497d3030d9..0000000000 --- a/includes/licensing/endpoint-analytics.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Endpoint Analytics: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Endpoint Analytics license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md index 90585b908b..4f4c059f8b 100644 --- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md +++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md @@ -17,6 +17,6 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md index 194f986b4f..c774cb4f5e 100644 --- a/includes/licensing/exploit-protection.md +++ b/includes/licensing/exploit-protection.md @@ -17,6 +17,6 @@ Exploit protection license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md index 5a3e06df91..b47385e2f5 100644 --- a/includes/licensing/fast-identity-online-fido2-security-key.md +++ b/includes/licensing/fast-identity-online-fido2-security-key.md @@ -17,6 +17,6 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md index 40e47fb3c8..ff0563a439 100644 --- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md +++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md @@ -17,6 +17,6 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index 7ee5966b53..28e69d8a5e 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||No|No|Yes|Yes| +|No|No|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md index a51f0a3c14..50ae05045a 100644 --- a/includes/licensing/hardware-enforced-stack-protection.md +++ b/includes/licensing/hardware-enforced-stack-protection.md @@ -17,6 +17,6 @@ Hardware-enforced stack protection license entitlements are granted by the follo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md index 1026304f72..8f6b16cf28 100644 --- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md +++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md @@ -17,6 +17,6 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md index e274721eba..7c805915cb 100644 --- a/includes/licensing/kernel-direct-memory-access-dma-protection.md +++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md @@ -17,6 +17,6 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md index 52bc417812..af4fb5b47f 100644 --- a/includes/licensing/local-security-authority-lsa-protection.md +++ b/includes/licensing/local-security-authority-lsa-protection.md @@ -17,6 +17,6 @@ Local Security Authority (LSA) Protection license entitlements are granted by th |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md index 39e45deb89..7330817deb 100644 --- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md +++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md @@ -17,6 +17,6 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md index b52c825259..39c560d47f 100644 --- a/includes/licensing/measured-boot.md +++ b/includes/licensing/measured-boot.md @@ -17,6 +17,6 @@ Measured boot license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-connected-cache-mcc.md b/includes/licensing/microsoft-connected-cache-mcc.md deleted file mode 100644 index d45efe86e0..0000000000 --- a/includes/licensing/microsoft-connected-cache-mcc.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Microsoft Connected Cache (MCC): - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|No|No|No|No| - -Microsoft Connected Cache (MCC) license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||No|No|No|No| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md index 39b0dec8a8..ba5bb932ea 100644 --- a/includes/licensing/microsoft-defender-antivirus.md +++ b/includes/licensing/microsoft-defender-antivirus.md @@ -17,6 +17,6 @@ Microsoft Defender Antivirus license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md index 950ee7e5c7..453b5db930 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md index ff3b4081cf..36c1c33234 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md index ec4f9aa4cb..23bf14013f 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md index 7fd3537173..2ccf97f2da 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||No|No|No|No| +|No|No|No|No|No| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md index 83dfb73504..bf903c766f 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md @@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md index aa22c56bbe..be03daf05e 100644 --- a/includes/licensing/microsoft-defender-for-endpoint.md +++ b/includes/licensing/microsoft-defender-for-endpoint.md @@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||No|Yes|No|Yes| +|No|No|Yes|No|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md index 8e39f1f189..a946b12155 100644 --- a/includes/licensing/microsoft-defender-smartscreen.md +++ b/includes/licensing/microsoft-defender-smartscreen.md @@ -17,6 +17,6 @@ Microsoft Defender SmartScreen license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md deleted file mode 100644 index 13f935839a..0000000000 --- a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Microsoft Desktop Optimization Pack (MDOP): - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Microsoft Desktop Optimization Pack (MDOP) license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md index 0ca863f6f4..2190c8a4ab 100644 --- a/includes/licensing/microsoft-pluton-security-processor.md +++ b/includes/licensing/microsoft-pluton-security-processor.md @@ -17,6 +17,6 @@ Microsoft Pluton security processor license entitlements are granted by the foll |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md index 0d12fd38dc..39e258739c 100644 --- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md +++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md @@ -17,6 +17,6 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md index b75f017ad3..e0203c3e4d 100644 --- a/includes/licensing/opportunistic-wireless-encryption-owe.md +++ b/includes/licensing/opportunistic-wireless-encryption-owe.md @@ -17,6 +17,6 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/organizational-messages-with-intune.md b/includes/licensing/organizational-messages-with-intune.md deleted file mode 100644 index b1883a1e1f..0000000000 --- a/includes/licensing/organizational-messages-with-intune.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Organizational messages with Intune: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|No|Yes|No|Yes| - -Organizational messages with Intune license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md index c4c97923df..3ca149f34f 100644 --- a/includes/licensing/personal-data-encryption-pde.md +++ b/includes/licensing/personal-data-encryption-pde.md @@ -17,6 +17,6 @@ Personal data encryption (PDE) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md index a80a71ce3a..054bf054cc 100644 --- a/includes/licensing/privacy-resource-usage.md +++ b/includes/licensing/privacy-resource-usage.md @@ -17,6 +17,6 @@ Privacy Resource Usage license entitlements are granted by the following license |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md index 621683c547..711440f7a5 100644 --- a/includes/licensing/privacy-transparency-and-controls.md +++ b/includes/licensing/privacy-transparency-and-controls.md @@ -17,6 +17,6 @@ Privacy Transparency and Controls license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md index 7bc335c922..5f5e79eeb6 100644 --- a/includes/licensing/remote-wipe.md +++ b/includes/licensing/remote-wipe.md @@ -17,6 +17,6 @@ Remote wipe license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md index 74d7936d3b..8c60a8b048 100644 --- a/includes/licensing/secure-boot-and-trusted-boot.md +++ b/includes/licensing/secure-boot-and-trusted-boot.md @@ -17,6 +17,6 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md index 642cd73671..9a2f06088b 100644 --- a/includes/licensing/secured-core-configuration-lock.md +++ b/includes/licensing/secured-core-configuration-lock.md @@ -17,6 +17,6 @@ Secured-core configuration lock license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md index 4845670fc5..f22319bbdb 100644 --- a/includes/licensing/secured-core-pc.md +++ b/includes/licensing/secured-core-pc.md @@ -17,6 +17,6 @@ Secured-core PC license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md index 9facaa08ac..a615d3af13 100644 --- a/includes/licensing/security-baselines.md +++ b/includes/licensing/security-baselines.md @@ -17,6 +17,6 @@ Security baselines license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md index 47d6f0d881..ba99c98579 100644 --- a/includes/licensing/server-message-block-direct-smb-direct.md +++ b/includes/licensing/server-message-block-direct-smb-direct.md @@ -17,6 +17,6 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md index 762477d727..a271907d88 100644 --- a/includes/licensing/server-message-block-smb-file-service.md +++ b/includes/licensing/server-message-block-smb-file-service.md @@ -17,6 +17,6 @@ Server Message Block (SMB) file service license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md index 7dcc3b0b32..ff42750aab 100644 --- a/includes/licensing/smart-app-control.md +++ b/includes/licensing/smart-app-control.md @@ -17,6 +17,6 @@ Smart App Control license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md index 29be818b02..98f271770f 100644 --- a/includes/licensing/smart-cards-for-windows-service.md +++ b/includes/licensing/smart-cards-for-windows-service.md @@ -17,6 +17,6 @@ Smart Cards for Windows Service license entitlements are granted by the followin |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/start-menu-and-taskbar.md b/includes/licensing/start-menu-and-taskbar.md deleted file mode 100644 index 147c942553..0000000000 --- a/includes/licensing/start-menu-and-taskbar.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Start menu and taskbar: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Start menu and taskbar license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md index b4c744071b..95a86ec97c 100644 --- a/includes/licensing/tamper-protection-settings-for-mde.md +++ b/includes/licensing/tamper-protection-settings-for-mde.md @@ -17,6 +17,6 @@ Tamper protection settings for MDE license entitlements are granted by the follo |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md index 8cfd78e987..9af6799b44 100644 --- a/includes/licensing/transport-layer-security-tls.md +++ b/includes/licensing/transport-layer-security-tls.md @@ -17,6 +17,6 @@ Transport layer security (TLS) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md index 37892f588b..b2e593986b 100644 --- a/includes/licensing/trusted-platform-module-tpm-20.md +++ b/includes/licensing/trusted-platform-module-tpm-20.md @@ -17,6 +17,6 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md index 1e2f1f7384..9c6572d61e 100644 --- a/includes/licensing/universal-print.md +++ b/includes/licensing/universal-print.md @@ -17,6 +17,6 @@ Universal Print license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md index 54bd71e9bd..9da42619fe 100644 --- a/includes/licensing/user-account-control-uac.md +++ b/includes/licensing/user-account-control-uac.md @@ -17,6 +17,6 @@ User Account Control (UAC) license entitlements are granted by the following lic |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md index 644adf2b91..aa184cdbb6 100644 --- a/includes/licensing/virtual-private-network-vpn.md +++ b/includes/licensing/virtual-private-network-vpn.md @@ -17,6 +17,6 @@ Virtual Private Network (VPN) license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md index 8b0d6a2a01..bab3110e7a 100644 --- a/includes/licensing/virtualization-based-security-vbs.md +++ b/includes/licensing/virtualization-based-security-vbs.md @@ -17,6 +17,6 @@ Virtualization-based security (VBS) license entitlements are granted by the foll |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/virtualization-rights-vda-avd-and-w365.md b/includes/licensing/virtualization-rights-vda-avd-and-w365.md deleted file mode 100644 index 8c77bfd575..0000000000 --- a/includes/licensing/virtualization-rights-vda-avd-and-w365.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Virtualization rights (VDA, AVD and W365): - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|No|Yes|No|Yes| - -Virtualization rights (VDA, AVD and W365) license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md index 19a752b6b6..edb7a92967 100644 --- a/includes/licensing/wifi-security.md +++ b/includes/licensing/wifi-security.md @@ -17,6 +17,6 @@ WiFi Security license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md index ebcfd239a8..85f7df53dc 100644 --- a/includes/licensing/windows-autopatch.md +++ b/includes/licensing/windows-autopatch.md @@ -17,6 +17,6 @@ Windows Autopatch license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|No|No| +|No|Yes|Yes|No|No| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md index da890b8533..e187e7a3fa 100644 --- a/includes/licensing/windows-autopilot.md +++ b/includes/licensing/windows-autopilot.md @@ -17,6 +17,6 @@ Windows Autopilot license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md index e0e32758d0..f3f9962827 100644 --- a/includes/licensing/windows-containers.md +++ b/includes/licensing/windows-containers.md @@ -17,6 +17,6 @@ Windows containers license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md index d86996d2bc..66d6ac70dc 100644 --- a/includes/licensing/windows-defender-application-control-wdac.md +++ b/includes/licensing/windows-defender-application-control-wdac.md @@ -17,6 +17,6 @@ Windows Defender Application Control (WDAC) license entitlements are granted by |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md index e2af27fbf1..c134726708 100644 --- a/includes/licensing/windows-defender-credential-guard.md +++ b/includes/licensing/windows-defender-credential-guard.md @@ -17,6 +17,6 @@ Windows Defender Credential Guard license entitlements are granted by the follow |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|No|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md index e9753d8390..b638a7c661 100644 --- a/includes/licensing/windows-defender-remote-credential-guard.md +++ b/includes/licensing/windows-defender-remote-credential-guard.md @@ -17,6 +17,6 @@ Windows Defender Remote Credential Guard license entitlements are granted by the |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md index bce6a705d1..0c747b64c5 100644 --- a/includes/licensing/windows-defender-system-guard.md +++ b/includes/licensing/windows-defender-system-guard.md @@ -17,6 +17,6 @@ Windows Defender System Guard license entitlements are granted by the following |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md deleted file mode 100644 index 1eea90833f..0000000000 --- a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Windows feature and expedite updates with Intune: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Windows feature and expedite updates with Intune license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md index e806dc33b2..2e0754b3ac 100644 --- a/includes/licensing/windows-firewall.md +++ b/includes/licensing/windows-firewall.md @@ -17,6 +17,6 @@ Windows Firewall license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md index 344372a9d1..3d0c015bc5 100644 --- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md +++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md @@ -17,6 +17,6 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md index ca1a459066..f48b9316b7 100644 --- a/includes/licensing/windows-hello-for-business.md +++ b/includes/licensing/windows-hello-for-business.md @@ -17,6 +17,6 @@ Windows Hello for Business license entitlements are granted by the following lic |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md index df4788787b..d462168228 100644 --- a/includes/licensing/windows-laps.md +++ b/includes/licensing/windows-laps.md @@ -17,6 +17,6 @@ Windows LAPS license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md index 03a854f909..c6cc796c33 100644 --- a/includes/licensing/windows-presence-sensing.md +++ b/includes/licensing/windows-presence-sensing.md @@ -17,6 +17,6 @@ Windows presence sensing license entitlements are granted by the following licen |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md index 2551168b7e..7ed933449c 100644 --- a/includes/licensing/windows-sandbox.md +++ b/includes/licensing/windows-sandbox.md @@ -17,6 +17,6 @@ Windows Sandbox license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md index 762f1fb6c2..270d3267ee 100644 --- a/includes/licensing/windows-security-policy-settings-and-auditing.md +++ b/includes/licensing/windows-security-policy-settings-and-auditing.md @@ -17,6 +17,6 @@ Windows Security policy settings and auditing license entitlements are granted b |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| +|Yes|Yes|Yes|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-subscription-activation.md b/includes/licensing/windows-subscription-activation.md deleted file mode 100644 index 3b049618a9..0000000000 --- a/includes/licensing/windows-subscription-activation.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Windows subscription activation: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Windows subscription activation license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-update-for-business-deployment-service.md b/includes/licensing/windows-update-for-business-deployment-service.md deleted file mode 100644 index 1a7d673606..0000000000 --- a/includes/licensing/windows-update-for-business-deployment-service.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Windows Update for Business deployment service: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Windows Update for Business deployment service license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md deleted file mode 100644 index 9f1b4ad742..0000000000 --- a/includes/licensing/windows-update-for-business.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Windows Update for Business: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Windows Update for Business license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -||Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). From 1bbcdf12664de38ea2db9f4a978497a1312665a8 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 4 May 2023 15:57:39 -0400 Subject: [PATCH 095/258] fixed broken links --- .../introduction/security-features-edition-requirements.md | 4 ++-- .../introduction/security-features-licensing-requirements.md | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md index 45b71f66b6..0cffb54f8f 100644 --- a/windows/security/introduction/security-features-edition-requirements.md +++ b/windows/security/introduction/security-features-edition-requirements.md @@ -19,8 +19,8 @@ ms.technology: itpro-security This article lists the security features that are available in Windows, and the Windows editions that support them. > [!NOTE] -> The **Windows edition requirements** listed in the following table may be different from the **licensing requirements**. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md). +> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md). [!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] -For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md). +For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing). diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md index be59b0a473..df7e5bdcec 100644 --- a/windows/security/introduction/security-features-licensing-requirements.md +++ b/windows/security/introduction/security-features-licensing-requirements.md @@ -16,12 +16,11 @@ ms.technology: itpro-security # Windows security features and licensing requirements - This article lists the security features that are available in Windows, and the licensing requirements to use them. > [!NOTE] -> The **licensing requirements** listed in the following table may be different from the **Windows edition requirements**. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md). +> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md). [!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] -For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md). +For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing). From 7a559087d2fed87ef019e9b2bf1ec227d9cbc6d7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 4 May 2023 16:20:23 -0700 Subject: [PATCH 096/258] commcontrol-7790977 --- .../deployment/update/waas-configure-wufb.md | 4 +- windows/whats-new/TOC.yml | 2 + .../windows-11-temporary-feature-control.md | 46 +++++++++++++++++++ 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 windows/whats-new/windows-11-temporary-feature-control.md diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 2b2f4074ec..bbf80891bf 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -213,9 +213,9 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving ## Enable features introduced via servicing that are off by default -New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. +New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. -The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. +The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. This policy is also known as **temporary feature control**. **Policy settings to enable features introduced via servicing that are off by default** diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 0e145097a8..6f313338d0 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -11,6 +11,8 @@ href: windows-11-plan.md - name: Prepare for Windows 11 href: windows-11-prepare.md + - name: Windows 11 temporary feature control + href: windows-11-temporary-feature-control.md - name: What's new in Windows 11, version 22H2 href: whats-new-windows-11-version-22h2.md - name: Windows 10 diff --git a/windows/whats-new/windows-11-temporary-feature-control.md b/windows/whats-new/windows-11-temporary-feature-control.md new file mode 100644 index 0000000000..ef530333df --- /dev/null +++ b/windows/whats-new/windows-11-temporary-feature-control.md @@ -0,0 +1,46 @@ +--- +title: Temporary feature control in Windows 11 +description: Learn about the Windows 11 features behind temporary feature control. +ms.prod: windows-client +ms.technology: itpro-fundamentals +ms.author: mstewart +author: mestew +manager: aaroncz +ms.localizationpriority: medium +ms.topic: reference +ms.date: 05/15/2023 +ms.collection: + - highpri + - tier2 +--- + +# Temporary feature control in Windows 11 + +New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. + +Features behind temporary control are automatically disabled for devices that have their Windows updates managed by policy. + +## Windows 11 features behind temporary control + +The following features are behind temporary control in Windows 11: + +| Feature | KB article where the feature was introduced | Feature update that enables the feature | +|---|---|---| +| Touch-optimized taskbar for 2-in-1 devices | [February 28, 2023 - KB5022913](https://support.microsoft.com/topic/february-28-2023-kb5022913-os-build-22621-1344-preview-3e38c0d9-924d-4f3f-b0b6-3bd49b2657b9) | 2023 annual feature update | + +## Enable features behind temporary control + +Features that are behind temporary control will be enabled when one of the following conditions is met: + +- The device installs the feature update that enables the new features by default +- The device receives a policy that enables features behind temporary control + - When the policy is enabled, all features on the device behind temporary control are turned on when the device next reboots. + +## Policy settings for temporary feature control + +You can use a policy to enable features introduced via servicing that are off by default. When this policy is enabled, all features that were disabled behind this control are turned on when the device next reboots. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: + +- **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default** + +- **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol) + - In the Intune [settings catalog](/intune/configuration/settings-catalog), this setting is named **Allow Temporary Enterprise Feature Control** under the **Windows Update for Business** category. From 7542f48c1c7dcf17565094634043f395439086f7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 5 May 2023 07:05:28 -0400 Subject: [PATCH 097/258] updates --- windows/security/TOC.yml | 4 ++-- .../credential-guard/credential-guard-requirements.md | 4 +++- .../credential-guard/credential-guard.md | 2 -- windows/security/introduction/index.md | 8 ++++---- windows/security/zero-trust-windows-device-health.md | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index fb69d549ce..1577d1b22c 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -4,10 +4,10 @@ expanded: true - name: Introduction items: - - name: Zero Trust and Windows - href: zero-trust-windows-device-health.md - name: Windows security overview href: introduction/index.md + - name: Zero Trust and Windows + href: zero-trust-windows-device-health.md - name: Security features edition requirements href: introduction/security-features-edition-requirements.md - name: Security features licensing requirements diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index ea7bf02bae..2afb9f4a6a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -66,6 +66,8 @@ Applications may cause performance issues when they attempt to hook the isolated Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard. +[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)] + ## Security considerations All computers that meet baseline protections for hardware, firmware, and software can use Windows Defender Credential Guard. @@ -96,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve |Protections for Improved Security|Description| |---|---| |Hardware: **IOMMU** (input/output memory management unit)|**Requirement**:
- VT-D or AMD Vi IOMMU

**Security benefits**:
- An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](/windows-hardware/drivers/bringup/acpi-system-description-tables)| -|Firmware: **Securing Boot Configuration and Management**|**Requirements**:
- BIOS password or stronger authentication must be supported.
- In the BIOS configuration, BIOS authentication must be set.
- There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
- In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.| +|Firmware: **Securing Boot Configuration and Management**|**Requirements**:
- BIOS password or stronger authentication must be supported.
- In the BIOS configuration, BIOS authentication must be set.
- There must be support for protected BIOS option to configure list of permitted boot devices (for example, "Boot only from internal hard drive") and boot device order, overriding BOOTORDER modification made by operating system.
- In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.| |Firmware: **Secure MOR, revision 2 implementation**|**Requirement**:
- Secure MOR, revision 2 implementation| ### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index d8fd5081a5..af00a1aef1 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -21,8 +21,6 @@ By enabling Windows Defender Credential Guard, the following features and soluti > [!NOTE] > As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2). -[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)] - ## Related topics - [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard) diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md index 913a477cf1..17297c9eb5 100644 --- a/windows/security/introduction/index.md +++ b/windows/security/introduction/index.md @@ -13,17 +13,17 @@ appliesto: The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices. -## How Windows 11 enables zero-trust protection +## How Windows 11 enables Zero Trust protection -A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles: +A Zero Trust security model gives the right people the right access at the right time. Zero Trust security is based on three principles: 1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception 2. When verified, give people and devices access to only necessary resources for the necessary amount of time 3. Use continuous analytics to drive threat detection and improve defenses -You should continue to strengthen your zero-trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility. +You should continue to strengthen your Zero Trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility. -For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. +For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy. diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index d6159d39a6..64a4233745 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -13,7 +13,7 @@ ms.date: 12/31/2017 --- # Zero Trust and Windows device health -Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps address today's complex environments. +Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they're located. Implementing a Zero Trust model for security helps address today's complex environments. The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are: @@ -27,12 +27,12 @@ The Zero Trust concept of **verify explicitly** applies to the risks introduced [Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they're granted access to corporate resources. -Windows 11 supports device health attestation, helping to confirm that devices are in a good state and haven't been tampered with. This capability helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. +Windows 11 supports device health attestation, helping to confirm that devices are in a good state and haven't been tampered with. This capability helps users access corporate resources whether they're in the office, at home, or when they're traveling. Attestation helps verify the identity and status of essential components and that the device, firmware, and boot process haven't been altered. Information about the firmware, boot process, and software, is used to validate the security state of the device. This information is cryptographically stored in the security co-processor Trusted Platform Module (TPM). Once the device is attested, it can be granted access to resources. ## Device health attestation on Windows - Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: + Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device's health. Remote attestation determines: - If the device can be trusted - If the operating system booted correctly From d1468452849027666f4fdbab6dda872e9e6790de Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 5 May 2023 08:17:19 -0400 Subject: [PATCH 098/258] removed and redirected article --- .openpublishing.redirection.json | 5 ++++ .../security/information-protection/index.md | 24 ------------------- .../data-protection/toc.yml | 4 ++-- 3 files changed, 7 insertions(+), 26 deletions(-) delete mode 100644 windows/security/information-protection/index.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 49135c37f0..c2fb4c8e6c 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20809,6 +20809,11 @@ "source_path": "store-for-business/sign-up-microsoft-store-for-business.md", "redirect_url": "/microsoft-store", "redirect_document_id": false + }, + { + "source_path": "security/information-protection/index.md", + "redirect_url": "/security/encryption-data-protection", + "redirect_document_id": false } ] } diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md deleted file mode 100644 index f84702dd1c..0000000000 --- a/windows/security/information-protection/index.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Information protection (Windows 10) -description: Learn more about how to protect sensitive data across your organization. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.topic: conceptual -ms.date: 03/09/2023 -ms.technology: itpro-security ---- - -# Information protection - -Learn more about how to secure documents and other data across your organization. - -| Section | Description | -|-|-| -| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. | -| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. | -| [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to PCI accessible ports, such as Thunderbolt™ 3 ports. | -| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.| -| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. | -| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. | diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml index bd7afea8da..56500215a0 100644 --- a/windows/security/operating-system-security/data-protection/toc.yml +++ b/windows/security/operating-system-security/data-protection/toc.yml @@ -99,8 +99,8 @@ items: href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md - - name: Configure S/MIME for Windows - href: ../../identity-protection/configure-s-mime.md +- name: Configure S/MIME for Windows + href: ../../identity-protection/configure-s-mime.md - name: Windows Information Protection (WIP) href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: From 7490ae825b0f8c7bc35d17f17a579ea4770da584 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 5 May 2023 08:27:41 -0400 Subject: [PATCH 099/258] updates --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c2fb4c8e6c..e51c5d4efc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20811,8 +20811,8 @@ "redirect_document_id": false }, { - "source_path": "security/information-protection/index.md", - "redirect_url": "/security/encryption-data-protection", + "source_path": "windows/security/information-protection/index.md", + "redirect_url": "/windows/security/encryption-data-protection", "redirect_document_id": false } ] From 97d6b21bcb8260862b48b7ae68855b0a11cfeb9c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 5 May 2023 10:44:59 -0700 Subject: [PATCH 100/258] 7790977: --- windows/whats-new/windows-11-temporary-feature-control.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/windows-11-temporary-feature-control.md b/windows/whats-new/windows-11-temporary-feature-control.md index ef530333df..3f5a167550 100644 --- a/windows/whats-new/windows-11-temporary-feature-control.md +++ b/windows/whats-new/windows-11-temporary-feature-control.md @@ -24,7 +24,7 @@ Features behind temporary control are automatically disabled for devices that ha The following features are behind temporary control in Windows 11: -| Feature | KB article where the feature was introduced | Feature update that enables the feature | +| Feature | KB article where the feature was introduced | Feature update that ends temporary control | |---|---|---| | Touch-optimized taskbar for 2-in-1 devices | [February 28, 2023 - KB5022913](https://support.microsoft.com/topic/february-28-2023-kb5022913-os-build-22621-1344-preview-3e38c0d9-924d-4f3f-b0b6-3bd49b2657b9) | 2023 annual feature update | @@ -32,7 +32,7 @@ The following features are behind temporary control in Windows 11: Features that are behind temporary control will be enabled when one of the following conditions is met: -- The device installs the feature update that enables the new features by default +- The device installs the annual feature update that enables the new features by default - The device receives a policy that enables features behind temporary control - When the policy is enabled, all features on the device behind temporary control are turned on when the device next reboots. From f4e6fd64d2398b126c97740745f982d21639c62e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 5 May 2023 10:59:33 -0700 Subject: [PATCH 101/258] 7790977: --- windows/deployment/update/waas-configure-wufb.md | 2 +- windows/whats-new/windows-11-temporary-feature-control.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index bbf80891bf..4f6b7dd408 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -215,7 +215,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. -The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. This policy is also known as **temporary feature control**. +The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. This policy is also known as **temporary feature control**. For a list of features that are turned off by default, see [Windows 11 features behind temporary control](/windows/whats-new/windows-11-temporary-feature-control). **Policy settings to enable features introduced via servicing that are off by default** diff --git a/windows/whats-new/windows-11-temporary-feature-control.md b/windows/whats-new/windows-11-temporary-feature-control.md index 3f5a167550..acf9f12910 100644 --- a/windows/whats-new/windows-11-temporary-feature-control.md +++ b/windows/whats-new/windows-11-temporary-feature-control.md @@ -15,7 +15,7 @@ ms.collection: --- # Temporary feature control in Windows 11 - + New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. Features behind temporary control are automatically disabled for devices that have their Windows updates managed by policy. From c741449916f8bae8da2d59f7c9106e63b10cf887 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 5 May 2023 16:38:41 -0400 Subject: [PATCH 102/258] Add tamper protection note to Defender CSP --- windows/client-management/mdm/defender-csp.md | 2 ++ ...icy-csp-admx-microsoftdefenderantivirus.md | 30 +++++++++++++++++++ .../mdm/policy-csp-defender.md | 24 +++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 7550924275..a036a0332b 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -2212,6 +2212,8 @@ Tamper protection helps protect important security features from unwanted change +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 07eef1894d..0a138841a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -115,6 +115,8 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -244,6 +246,8 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -366,6 +370,8 @@ Real-time protection consists of always-on scanning with file and process behavi +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -426,6 +432,8 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -482,6 +490,8 @@ This policy setting allows you specify a list of file types that should be exclu +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -538,6 +548,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -594,6 +606,8 @@ This policy setting allows you to disable real-time scanning for any file opened +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -1577,6 +1591,8 @@ This policy setting allows you to configure behavior monitoring. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -1637,6 +1653,8 @@ This policy setting allows you to configure scanning for all downloaded files an +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -1697,6 +1715,8 @@ This policy setting allows you to configure monitoring for file and program acti +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -1817,6 +1837,8 @@ This policy setting allows you to configure process scanning when real-time prot +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -2540,6 +2562,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -3069,6 +3093,8 @@ This policy setting allows you to configure scans for malicious software and unw +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -5551,6 +5577,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -5609,6 +5637,8 @@ If you enable this setting AM UI won't show reboot notifications. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 1f26de308e..77b56fa11d 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -46,6 +46,8 @@ This policy setting allows you to configure scans for malicious software and unw +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -113,6 +115,8 @@ This policy setting allows you to configure behavior monitoring. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -193,6 +197,8 @@ In Windows 10, Basic membership is no longer available, so setting the value to +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -457,6 +463,8 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -510,6 +518,8 @@ This policy setting allows you to configure scanning for all downloaded files an +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -577,6 +587,8 @@ This policy setting allows you to configure monitoring for file and program acti +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -640,6 +652,8 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -769,6 +783,8 @@ Allows or disallows Windows Defender Script Scanning functionality. +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. @@ -1891,6 +1907,8 @@ This policy setting allows you specify a list of file types that should be exclu +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -1945,6 +1963,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -1999,6 +2019,8 @@ This policy setting allows you to disable real-time scanning for any file opened +> [!NOTE] +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. @@ -2790,6 +2812,8 @@ Valid remediation action values are: +> [!NOTE] +> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. From 153d716a38947b658b06b610f784777e8e544609 Mon Sep 17 00:00:00 2001 From: yutoadachi <101614356+yut0adachi@users.noreply.github.com> Date: Tue, 9 May 2023 18:54:07 +0900 Subject: [PATCH 103/258] Update hello-hybrid-cert-whfb-provision.md The attached image on this document say "YES" about this step and the correct configuration is also like that. It needs to be corrected because it will cause confusion to readers. --- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 629d9c561e..934a3f70de 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -139,7 +139,7 @@ To configure Windows Hello for Business using an *account protection* policy: 1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available - These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes** - For more information about these policies, see [MDM policy settings for Windows Hello for Business](hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business) -1. Under *Enable to certificate for on-premises resources*, select **Disabled** and multiple policies become available +1. Under *Enable to certificate for on-premises resources*, select **YES** 1. Select **Next** 1. Optionally, add *scope tags* > **Next** 1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next** @@ -195,4 +195,4 @@ The certificate authority validates the certificate was signed by the registrati [MEM-3]: /mem/intune/configuration/custom-settings-configure [MEM-4]: /windows/client-management/mdm/passportforwork-csp [MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy -[MEM-6]: /mem/intune/protect/identity-protection-configure \ No newline at end of file +[MEM-6]: /mem/intune/protect/identity-protection-configure From 884c18f28424cb0b5099c8ce42a1c287fdfdf3f4 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 9 May 2023 16:05:12 -0400 Subject: [PATCH 104/258] CSP changes to improve acro-scores --- .../client-management/mdm/bitlocker-csp.md | 323 ++++++++---------- .../mdm/includes/mdm-admx-csp-note.md | 12 + .../mdm/includes/mdm-admx-policy-note.md | 10 + .../mdm/includes/mdm-insider-csp-note.md | 10 + .../policy-configuration-service-provider.md | 53 ++- 5 files changed, 209 insertions(+), 199 deletions(-) create mode 100644 windows/client-management/mdm/includes/mdm-admx-csp-note.md create mode 100644 windows/client-management/mdm/includes/mdm-admx-policy-note.md create mode 100644 windows/client-management/mdm/includes/mdm-insider-csp-note.md diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 16889b4db0..95f1a20a80 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/09/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,13 +16,9 @@ ms.topic: reference # BitLocker CSP -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -80,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -91,18 +87,17 @@ The following list shows the BitLocker configuration service provider nodes: -Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user. +Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged-on user is non-admin/standard user. + "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, Silent encryption is enforced. -If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user -is the current logged on user in the system. + +If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user is the current logged-on user in the system. The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. -0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy -will not try to enable encryption on any drive. - +0 = This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. @@ -114,7 +109,7 @@ will not try to enable encryption on any drive. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [AllowWarningForOtherDiskEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/AllowWarningForOtherDiskEncryption`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -125,7 +120,7 @@ will not try to enable encryption on any drive. | Value | Description | |:--|:--| -| 0 (Default) | This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive. | +| 0 (Default) | This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. | | 1 | "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. | @@ -159,7 +154,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -178,7 +173,8 @@ This policy setting allows suspending protection for BitLocker Drive Encryption The expected values for this policy are: 0 = Prevent BitLocker Drive Encryption protection from being suspended. -1 = This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. + +1 = This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. @@ -190,7 +186,7 @@ The expected values for this policy are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -201,7 +197,7 @@ The expected values for this policy are: | Value | Description | |:--|:--| | 0 | Prevent BitLocker Drive Encryption protection from being suspended. | -| 1 (Default) | This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. | +| 1 (Default) | This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. | @@ -216,7 +212,7 @@ The expected values for this policy are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -231,20 +227,18 @@ Allows Admin to disable all UI (notification for encryption and warning prompt f and turn on encryption on the user machines silently. > [!WARNING] -> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will -require reinstallation of Windows. +> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows. > [!NOTE] > This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. The expected values for this policy are: -1 = This is the default, when the policy is not set. **Warning** prompt and encryption notification is allowed. -0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, -the value 0 only takes affect on Azure Active Directory joined devices. +1 = This is the default, when the policy isn't set. Warning prompt and encryption notification is allowed. + +0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, the value 0 only takes effect on Azure Active Directory joined devices. + Windows will attempt to silently enable BitLocker for value 0. - - @@ -266,7 +260,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -307,7 +301,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -319,16 +313,16 @@ Windows will attempt to silently enable BitLocker for value 0. Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices. -When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when -Active Directory back up for recovery password is configured to required. -For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" -For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" + +When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required. + +For OS drive: Turn on "don't enable Bitlocker until recovery information is stored to AD DS for operating system drives" +For Fixed drives: Turn on "don't enable Bitlocker until recovery information is stored to AD DS for fixed data drives" Supported Values: 0 - Numeric Recovery Passwords rotation OFF. + 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices - - @@ -340,7 +334,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -367,7 +361,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -380,11 +374,11 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -423,13 +417,12 @@ Sample value for this node to enable this policy and set the encryption methods | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -474,7 +467,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -487,9 +480,9 @@ To disable this policy, use the following SyncML: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -517,13 +510,12 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -550,7 +542,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -567,18 +559,18 @@ The "Allow data recovery agent" check box is used to specify whether a data reco In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. -Select the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the "don't enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. > [!NOTE] -> If the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. +> If the "don't enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives. -- If this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. +- If this policy setting isn't configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. @@ -627,13 +619,12 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -678,7 +669,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -691,9 +682,9 @@ To disable this policy, use the following SyncML: This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. -- If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all fixed data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. -- If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. @@ -706,13 +697,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -757,7 +747,7 @@ To disable this policy, use hte following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -768,9 +758,9 @@ To disable this policy, use hte following SyncML: -This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. +This policy setting allows you to associate unique organizational identifiers to a new drive that's enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. -The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It is a comma separated list of identification fields from your organization or other external organizations. +The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It's a comma separated list of identification fields from your organization or other external organizations. You can configure the identification fields on existing drives by using [manage-bde](/windows-server/administration/windows-commands/manage-bde).exe. @@ -778,7 +768,7 @@ You can configure the identification fields on existing drives by using [manage- When a BitLocker-protected drive is mounted on another BitLocker-enabled computer the identification field and allowed identification field will be used to determine whether the drive is from an outside organization. -- If you disable or do not configure this policy setting, the identification field is not required. +- If you disable or don't configure this policy setting, the identification field isn't required. > [!NOTE] > Identification fields are required for management of certificate-based data recovery agents on BitLocker-protected drives. BitLocker will only manage and update certificate-based data recovery agents when the identification field is present on a drive and is identical to the value configured on the computer. The identification field can be any value of 260 characters or fewer. @@ -805,13 +795,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -838,7 +827,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -853,9 +842,9 @@ This policy setting controls the use of BitLocker on removable data drives. This When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. For information about suspending BitLocker protection, see [BitLocker Basic Deployment](/windows/security/information-protection/bitlocker/bitlocker-basic-deployment). -- If you do not configure this policy setting, users can use BitLocker on removable disk drives. +- If you don't configure this policy setting, users can use BitLocker on removable disk drives. -- If you disable this policy setting, users cannot use BitLocker on removable disk drives. +- If you disable this policy setting, users can't use BitLocker on removable disk drives. @@ -879,13 +868,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -912,7 +900,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -925,9 +913,9 @@ Sample value for this node to enable this policy is: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -950,14 +938,13 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [BDEAllowed] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/RemovableDrivesConfigureBDE`
Dependency Allowed Value Type: `ADMX`
| -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -984,7 +971,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -995,7 +982,7 @@ Possible values: -When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices cannot be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user will not be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. +When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices can't be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user won't be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. @@ -1007,7 +994,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -1024,7 +1011,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1037,11 +1024,11 @@ When enabled, allows you to exclude removable drives and devices connected over This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -1070,13 +1057,12 @@ The possible values for 'xx' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1121,7 +1107,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1137,8 +1123,7 @@ Allows the Admin to require encryption to be turned on using BitLocker\Device En Sample value for this node to enable this policy: 1 -Disabling the policy will not turn off the encryption on the system drive. But will stop prompting the user to turn it on. - +Disabling the policy won't turn off the encryption on the system drive. But will stop prompting the user to turn it on. @@ -1163,7 +1148,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1173,7 +1158,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Value | Description | |:--|:--| -| 0 (Default) | Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes. | +| 0 (Default) | Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes. | | 1 | Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on AllowWarningForOtherDiskEncryption policy). | @@ -1214,7 +1199,7 @@ To disable RequireDeviceEncryption: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1228,11 +1213,11 @@ To disable RequireDeviceEncryption: Allows the Admin to require storage card encryption on the device. This policy is only valid for mobile SKU. + Sample value for this node to enable this policy: 1 -Disabling the policy will not turn off the encryption on the storage card. But will stop prompting the user to turn it on. - +Disabling the policy won't turn off the encryption on the storage card. But will stop prompting the user to turn it on. @@ -1244,7 +1229,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1254,7 +1239,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Value | Description | |:--|:--| -| 0 (Default) | Storage cards do not need to be encrypted. | +| 0 (Default) | Storage cards don't need to be encrypted. | | 1 | Require storage cards to be encrypted. | @@ -1270,7 +1255,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1282,19 +1267,19 @@ Disabling the policy will not turn off the encryption on the storage card. But w Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device. + This policy is Execute type and rotates all numeric passwords when issued from MDM tools. The policy only comes into effect when Active Directory backup for a recovery password is configured to "required." -- For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." -- For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." +- For OS drives, enable "don't enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." +- For fixed drives, enable "don't enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: - status\RotateRecoveryPasswordsStatus - status\RotateRecoveryPasswordsRequestID -Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\ - +Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools. @@ -1324,7 +1309,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -1340,7 +1325,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1362,7 +1347,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1378,7 +1363,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1390,6 +1375,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI This node reports compliance state of device encryption on the system. + Value '0' means the device is compliant. Any other value represents a non-compliant device. @@ -1423,7 +1409,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1439,7 +1425,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1462,7 +1448,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1478,7 +1464,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1490,8 +1476,8 @@ This node reports compliance state of removal drive encryption. "0" Value means This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. -This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus -To ensure the status is correctly matched to the request ID. + +This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus To ensure the status is correctly matched to the request ID. @@ -1503,7 +1489,7 @@ To ensure the status is correctly matched to the request ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1519,7 +1505,7 @@ To ensure the status is correctly matched to the request ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1531,6 +1517,7 @@ To ensure the status is correctly matched to the request ID. This Node reports the status of RotateRecoveryPasswords request. + Status code can be one of the following: NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. @@ -1544,7 +1531,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1560,7 +1547,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1571,13 +1558,13 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. -This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. +This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they're able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. -- If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. +- If you enable this policy setting, standard users won't be allowed to change BitLocker PINs or passwords. -- If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. +- If you disable or don't configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. @@ -1593,13 +1580,12 @@ Sample value for this node to disable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1626,7 +1612,7 @@ Sample value for this node to disable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1643,9 +1629,10 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the - If you enable this policy setting, devices must have an alternative means of pre-boot input (such as an attached USB keyboard). -- If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. +- If this policy isn't enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment isn't enabled and this policy isn't enabled, you can't turn on BitLocker on a device that uses the Windows touch keyboard. + +Note that if you don't enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: -**Note** that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: - Configure TPM startup PIN: Required/Allowed - Configure TPM startup key and PIN: Required/Allowed - Configure use of passwords for operating system drives. @@ -1661,13 +1648,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1694,7 +1680,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1709,7 +1695,7 @@ This policy setting allows users on devices that are compliant with InstantGo or - If you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication. -- If this policy is not enabled, the options of "Require additional authentication at startup" policy apply. +- If this policy isn't enabled, the options of "Require additional authentication at startup" policy apply. @@ -1722,13 +1708,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1755,7 +1740,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1768,9 +1753,9 @@ Sample value for this node to enable this policy is: `` This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -1799,13 +1784,12 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1832,7 +1816,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1850,9 +1834,9 @@ Enhanced startup PINs permit the use of characters including uppercase and lower - If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs. > [!NOTE] -> Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup. +> Not all computers may support enhanced PINs in the pre-boot environment. It's strongly recommended that users perform a system check during BitLocker setup. -- If you disable or do not configure this policy setting, enhanced PINs will not be used. +- If you disable or don't configure this policy setting, enhanced PINs won't be used. @@ -1865,13 +1849,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1898,7 +1881,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1913,7 +1896,7 @@ This policy setting allows you to configure a minimum length for a Trusted Platf - If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. -- If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. +- If you disable or don't configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. > [!NOTE] > If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. @@ -1936,13 +1919,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1986,7 +1968,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2006,7 +1988,7 @@ If you select the "Use custom recovery message" option, the message you type in If you select the "Use custom recovery URL" option, the URL you type in the "Custom recovery URL option" text box will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen. > [!NOTE] -> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. +> Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. @@ -2046,13 +2028,12 @@ The possible value for 'yy' and 'zz' is a string of max length 900 and 500 respe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2096,7 +2077,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2113,18 +2094,18 @@ The "Allow certificate-based data recovery agent" check box is used to specify w In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services", choose which BitLocker recovery information to store in AD DS for operating system drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. -Select the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the "don't enable BitLocker until recovery information is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. > [!NOTE] -> If the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check box is selected, a recovery password is automatically generated. +> If the "don't enable BitLocker until recovery information is stored in AD DS for operating system drives" check box is selected, a recovery password is automatically generated. - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives. -- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. +- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. @@ -2172,13 +2153,12 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2223,7 +2203,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2245,7 +2225,7 @@ On a computer with a compatible TPM, four types of authentication methods can be - If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM. +- If you disable or don't configure this policy setting, users can configure only basic options on computers with a TPM. > [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool [manage-bde](/windows-server/administration/windows-commands/manage-bde) instead of the BitLocker Drive Encryption setup wizard. @@ -2293,13 +2273,12 @@ The possible values for 'yy' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/includes/mdm-admx-csp-note.md b/windows/client-management/mdm/includes/mdm-admx-csp-note.md new file mode 100644 index 0000000000..68b132c9a5 --- /dev/null +++ b/windows/client-management/mdm/includes/mdm-admx-csp-note.md @@ -0,0 +1,12 @@ +--- +author: vinaypamnani-msft +ms.author: vinpa +ms.prod: windows +ms.topic: include +ms.date: 05/09/2023 +--- + +> [!TIP] +> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as `chr`. For details, see [Understanding ADMX-backed policies](../../understanding-admx-backed-policies.md). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/includes/mdm-admx-policy-note.md b/windows/client-management/mdm/includes/mdm-admx-policy-note.md new file mode 100644 index 0000000000..24b506bf4b --- /dev/null +++ b/windows/client-management/mdm/includes/mdm-admx-policy-note.md @@ -0,0 +1,10 @@ +--- +author: vinaypamnani-msft +ms.author: vinpa +ms.prod: windows +ms.topic: include +ms.date: 05/09/2023 +--- + +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](../../understanding-admx-backed-policies.md#enabling-a-policy). diff --git a/windows/client-management/mdm/includes/mdm-insider-csp-note.md b/windows/client-management/mdm/includes/mdm-insider-csp-note.md new file mode 100644 index 0000000000..5c8c70b1fe --- /dev/null +++ b/windows/client-management/mdm/includes/mdm-insider-csp-note.md @@ -0,0 +1,10 @@ +--- +author: vinaypamnani-msft +ms.author: vinpa +ms.prod: windows +ms.topic: include +ms.date: 05/09/2023 +--- + +> [!IMPORTANT] +> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1fc1424bc4..dfec87bce1 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4,7 +4,7 @@ description: Learn more about the Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/09/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -25,8 +25,6 @@ The Policy configuration service provider has the following sub-categories: - Policy/Config/**AreaName** - Handles the policy configuration request from the server. - Policy/Result/**AreaName** - Provides a read-only path to policies enforced on the device. - - > [!IMPORTANT] > Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. > @@ -82,7 +80,7 @@ The following list shows the Policy configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -121,7 +119,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -132,7 +130,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -161,7 +159,7 @@ The area group that can be configured by a single technology for a single provid | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -209,7 +207,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -248,7 +246,7 @@ The root node for grouping different configuration operations. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -259,7 +257,7 @@ The root node for grouping different configuration operations. -Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. +Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that's added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. @@ -291,7 +289,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -331,7 +329,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -371,7 +369,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -411,7 +409,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -450,7 +448,7 @@ Properties of Win32 App ADMX Ingestion. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -490,7 +488,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -530,7 +528,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -569,7 +567,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -608,7 +606,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -648,7 +646,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -688,7 +686,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -727,7 +725,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -738,7 +736,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -775,7 +773,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -815,7 +813,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -854,7 +852,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -894,7 +892,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -1120,6 +1118,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [ExploitGuard](policy-csp-exploitguard.md) - [FederatedAuthentication](policy-csp-federatedauthentication.md) - [FileExplorer](policy-csp-fileexplorer.md) +- [FileSystem](policy-csp-filesystem.md) - [Games](policy-csp-games.md) - [Handwriting](policy-csp-handwriting.md) - [HumanPresence](policy-csp-humanpresence.md) From 36d691beadd33ab15610479b54fa38363f986fec Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Tue, 9 May 2023 13:15:08 -0700 Subject: [PATCH 105/258] mounting instructions and fixed overview --- windows/deployment/do/mcc-isp-create-provision-deploy.md | 3 +++ windows/deployment/do/mcc-isp-overview.md | 3 --- windows/deployment/do/waas-microsoft-connected-cache.md | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index 52602d6b5f..6c6b6a11f0 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -114,6 +114,9 @@ There are five IDs that the device provisioning script takes as input in order t #### Provision your server +> [!IMPORTANT] +> Have you correctly mounted your disk? Your MCC will not be successfully installed without this important step. Before provisioning your server, ensure your disk is correctly mounted by following the instructions here: [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk). + :::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal."::: 1. After completing cache node provisioning, navigate to the **Server provisioning** tab. Select **Download provisioning package** to download the installation package to your server. diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index a1e7335919..a5bb6ef9df 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -38,6 +38,3 @@ Microsoft Connected Cache uses Delivery Optimization as the backbone for Microso - Xbox: Xbox Game Pass (PC only) For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md). - -## How it works - diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index b616087474..b65a32025e 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -42,6 +42,8 @@ Microsoft Connected Cache (MCC) for Internet Service Providers is currently in p Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md). +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache) + ## Next steps - [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md) From 8bc711cb055cf912864eff2b23ec38cec529750d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 9 May 2023 16:22:49 -0400 Subject: [PATCH 106/258] Fix links --- .../policy-configuration-service-provider.md | 73 +++++++++---------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index dfec87bce1..f17f1f953f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -25,21 +25,21 @@ The Policy configuration service provider has the following sub-categories: - Policy/Config/**AreaName** - Handles the policy configuration request from the server. - Policy/Result/**AreaName** - Provides a read-only path to policies enforced on the device. -> [!IMPORTANT] -> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. -> -> The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths: -> -> User scope: -> -> - **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. -> - **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. -> -> Device scope: -> -> - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. -> - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. -> +## Policy scope + +Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. To configure a policy under a specific scope (user vs. device), please use the following paths: + +**User scope**: + +- **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. +- **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. + +**Device scope**: + +- **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. +- **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. + +> [!NOTE] > For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent to the paths provided above: > > - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. @@ -103,7 +103,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -142,7 +142,7 @@ The area group that can be configured by a single technology for a single provid | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -190,7 +190,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -230,7 +230,7 @@ The root node for grouping different configuration operations. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -273,7 +273,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -312,7 +312,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. | @@ -352,7 +352,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -392,7 +392,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -432,7 +432,7 @@ Properties of Win32 App ADMX Ingestion. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -471,7 +471,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -511,7 +511,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -551,7 +551,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -590,7 +590,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -629,7 +629,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -669,7 +669,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -709,7 +709,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -756,7 +756,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -796,7 +796,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -836,7 +836,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -875,7 +875,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -915,7 +915,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1118,7 +1118,6 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [ExploitGuard](policy-csp-exploitguard.md) - [FederatedAuthentication](policy-csp-federatedauthentication.md) - [FileExplorer](policy-csp-fileexplorer.md) -- [FileSystem](policy-csp-filesystem.md) - [Games](policy-csp-games.md) - [Handwriting](policy-csp-handwriting.md) - [HumanPresence](policy-csp-humanpresence.md) From 383ae37660c60ba73de6eaed832b5a8819680ecc Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 9 May 2023 16:41:38 -0400 Subject: [PATCH 107/258] Test format change --- .../client-management/mdm/bitlocker-csp.md | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 95f1a20a80..0d606d17fb 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -76,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1809 [10.0.17763] and later | @@ -154,7 +154,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows Insider Preview | @@ -212,7 +212,7 @@ The expected values for this policy are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -301,7 +301,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | @@ -361,7 +361,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -467,7 +467,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -542,7 +542,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -669,7 +669,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -747,7 +747,7 @@ To disable this policy, use hte following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -827,7 +827,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -900,7 +900,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -971,7 +971,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 11, version 21H2 [10.0.22000] and later | @@ -1011,7 +1011,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -1107,7 +1107,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -1199,7 +1199,7 @@ To disable RequireDeviceEncryption: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -1255,7 +1255,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | @@ -1325,7 +1325,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1903 [10.0.18362] and later | @@ -1363,7 +1363,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1903 [10.0.18362] and later | @@ -1425,7 +1425,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1464,7 +1464,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | @@ -1505,7 +1505,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | @@ -1547,7 +1547,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1612,7 +1612,7 @@ Sample value for this node to disable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1680,7 +1680,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1740,7 +1740,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1816,7 +1816,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | @@ -1881,7 +1881,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -1968,7 +1968,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -2077,7 +2077,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | @@ -2203,7 +2203,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | From fc6bc0b8d83346b77ec815c113ed31b08e140c72 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 9 May 2023 17:09:25 -0400 Subject: [PATCH 108/258] Revert format and remove Home edition --- .../client-management/mdm/bitlocker-csp.md | 60 +++++++++---------- .../policy-configuration-service-provider.md | 42 ++++++------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 0d606d17fb..5a8cc3daa1 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -76,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -154,7 +154,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -212,7 +212,7 @@ The expected values for this policy are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -301,7 +301,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -361,7 +361,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -467,7 +467,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -542,7 +542,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -669,7 +669,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -747,7 +747,7 @@ To disable this policy, use hte following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -827,7 +827,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -900,7 +900,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -971,7 +971,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1011,7 +1011,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1107,7 +1107,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1199,7 +1199,7 @@ To disable RequireDeviceEncryption: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1255,7 +1255,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1325,7 +1325,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1363,7 +1363,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1425,7 +1425,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1464,7 +1464,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1505,7 +1505,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1547,7 +1547,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1612,7 +1612,7 @@ Sample value for this node to disable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1680,7 +1680,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1740,7 +1740,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1816,7 +1816,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1881,7 +1881,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1968,7 +1968,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2077,7 +2077,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2203,7 +2203,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | Pro
Enterprise
Education
Windows SE | Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f17f1f953f..6dfdadfe54 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -80,7 +80,7 @@ The following list shows the Policy configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -119,7 +119,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -159,7 +159,7 @@ The area group that can be configured by a single technology for a single provid | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -207,7 +207,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -246,7 +246,7 @@ The root node for grouping different configuration operations. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -289,7 +289,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -329,7 +329,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -369,7 +369,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -409,7 +409,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -448,7 +448,7 @@ Properties of Win32 App ADMX Ingestion. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -488,7 +488,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -528,7 +528,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -567,7 +567,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -606,7 +606,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -646,7 +646,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -686,7 +686,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -725,7 +725,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -773,7 +773,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -813,7 +813,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -852,7 +852,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -892,7 +892,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Home
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | From a2ec379662fa352b97d62357b5ff2676893c642a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 9 May 2023 14:24:40 -0700 Subject: [PATCH 109/258] 7876532-links --- windows/deployment/update/WIP4Biz-intro.md | 2 +- windows/deployment/update/eval-infra-tools.md | 2 +- .../update/waas-servicing-channels-windows-10-updates.md | 6 +++--- windows/deployment/upgrade/windows-10-edition-upgrades.md | 1 - .../volume-activation/volume-activation-windows-10.md | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index 15954efa93..ba129003a6 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -44,7 +44,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op |Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.| |Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. | |Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)
- Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications
- Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. | -|Feedback | - This helps us make adjustments to features as quickly as possible.
- Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
- [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) | +|Feedback | - This helps us make adjustments to features as quickly as possible.
- Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
- [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback) | ## Validate Insider Preview builds Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits: diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 14e8129982..4a20d28511 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -45,7 +45,7 @@ Keep security baselines current to help ensure that your environment is secure a There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately. -- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). +- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593). - **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 1b6ef429f8..82f1a7f953 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -48,10 +48,10 @@ The General Availability Channel is the default servicing channel for all Window To get started with the Windows Insider Program for Business, follows these steps: -1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/). -2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.
**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain. +1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account. +2. Follow the prompts to register your tenant.
**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register. 3. Make sure the **Allow Telemetry** setting is set to **2** or higher. -4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery: +4. For Windows devices, set policies to manage preview builds and their delivery: The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public. * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds* diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index ea38090b1d..c3c3acaa55 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -22,7 +22,6 @@ ms.date: 10/28/2022 With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page. -For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf). The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 29dfd02ddc..3c213a2a45 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -27,7 +27,7 @@ ms.technology: itpro-fundamentals > [!TIP] > Are you looking for volume licensing information? > -> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) +> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://www.microsoft.com/download/details.aspx?id=11091) > [!TIP] > Are you looking for information on retail activation? From 1cf424c686bd845a19bf44f561bab75b7220a6fc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 9 May 2023 15:01:55 -0700 Subject: [PATCH 110/258] edits --- windows/deployment/do/TOC.yml | 2 +- windows/deployment/do/mcc-ent-edu-overview.md | 14 ++++++-------- .../do/mcc-isp-create-provision-deploy.md | 14 +++++++++----- windows/deployment/do/mcc-isp-overview.md | 2 +- .../do/waas-microsoft-connected-cache.md | 2 +- windows/deployment/update/media-dynamic-update.md | 2 +- 6 files changed, 19 insertions(+), 17 deletions(-) diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index 41763a5c9a..4e9dc9cb0c 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -27,7 +27,7 @@ href: delivery-optimization-test.md - name: Microsoft Connected Cache items: - - name: What is Microsoft Connected Cache + - name: What is Microsoft Connected Cache? href: waas-microsoft-connected-cache.md - name: MCC for Enterprise and Education items: diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md index ac1fd7ba34..5702d64fde 100644 --- a/windows/deployment/do/mcc-ent-edu-overview.md +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: amymzhou ms.author: amyzhou ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- @@ -19,14 +19,12 @@ ms.collection: tier3 - Windows 11 > [!IMPORTANT] -> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). - -> [!NOTE] -> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). +> - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). +> - We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. -Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For information about Microsoft Connected Cache in Configuration Manager (generally available, starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). ## Supported scenarios @@ -48,7 +46,7 @@ For the full list of content endpoints that Microsoft Connected Cache for Enterp ## How it works -MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. +MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It's built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC is a Linux IoT Edge module running on the Windows Host OS. 1. The Azure Management Portal is used to create MCC nodes. 1. The MCC container is deployed and provisioned to the server using the installer provided in the portal. @@ -56,7 +54,7 @@ MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as 1. Microsoft end-user devices make range requests for content from the MCC node. 1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. 1. Subsequent requests from end-user devices for content will now come from cache. -1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers. +1. If the MCC node is unavailable, the client pulls content from CDN to ensure uninterrupted service for your subscribers. The following diagram displays an overview of how MCC functions: diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index 6c6b6a11f0..d7bf5ee7a4 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: nidos ms.author: nidos ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- @@ -18,7 +18,7 @@ ms.collection: tier3 - Windows 10 - Windows 11 -This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node will require downloading an installer script that will be run on your cache server. +This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node requires downloading an installer script that will be run on your cache server. > [!IMPORTANT] > Before you can create your Microsoft Connected Cache, you will need to complete the [sign up process](mcc-isp-signup.md). You cannot proceed without signing up for our service. @@ -37,7 +37,7 @@ During the configuration of your cache node, there are many fields for you to co ### Client routing -Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you'll be able to route your clients to your cache node. +Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you're able to route your clients to your cache node. Microsoft Connected Cache offers two ways for you to route your clients to your cache node. The first method of manual entry involves uploading a comma-separated list of CIDR blocks that represents the clients. The second method of setting BGP (Border Gateway Protocol) is more automatic and dynamic, which is set up by establishing neighborships with other ASNs. All routing methods are set up within Azure portal. @@ -53,7 +53,11 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal. -Microsoft Connected Cache includes Bird BGP which enables the cache node to 1) establish iBGP peering sessions with routers, route servers, or route collectors within operator networks and 2) act as a route collector. The operator will start the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then start the session with the Microsoft Connected Cache node from the router. +Microsoft Connected Cache includes Bird BGP, which enables the cache node to: + - Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks + - Act as a route collector + +The operator starts the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then starts the session with the Microsoft Connected Cache node from the router. In the example configuration below: - The operator ASN is 65100 @@ -64,7 +68,7 @@ In the example configuration below: :::image type="content" source="images/mcc-isp-bgp-diagram.png" alt-text="A diagram that shows the relationship between the cache node and other ASNs/routers when using BGP. BGP routing allows the cache node to route to other network providers with different ASNs." lightbox="./images/mcc-isp-provision-cache-node-numbered.png"::: -To set up and enable BGP routing for your cache node, follow these steps below: +To set up and enable BGP routing for your cache node, follow the steps below: 1. Navigate to **Settings** > **Cache nodes**. Select the cache node you wish to provision. diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index a5bb6ef9df..9ef0352aab 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: amymzhou ms.author: amyzhou ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index b65a32025e..7b4290c2a6 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: carmenf ms.topic: article ms.technology: itpro-updates -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.collection: tier3 --- diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 135a23932a..bd19b56970 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -8,7 +8,7 @@ ms.author: mstewart manager: aaroncz ms.topic: article ms.technology: itpro-updates -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.reviewer: stevedia --- From a6b0cede629a64d738f11518fffbc0268835b24d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 10 May 2023 07:16:51 -0400 Subject: [PATCH 111/258] updates --- includes/licensing/federated-sign-in.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index 28e69d8a5e..f1462fff61 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in: Federated sign-in license entitlements are granted by the following licenses: -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|No|No|Yes|Yes| +|Yes|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). From 379fabc5c753c6d870f5d4f20195aa8c0f2a70d3 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 10 May 2023 07:20:31 -0400 Subject: [PATCH 112/258] updates --- includes/licensing/federated-sign-in.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index f1462fff61..5a1a787e06 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses: |Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|No|Yes|Yes| +|Yes|No|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). From 285f0ae0c2411e12dec42a504787e2b09321495f Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 10 May 2023 10:21:20 -0400 Subject: [PATCH 113/258] Change link --- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 0a138841a5..5ab458d27a 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -491,7 +491,7 @@ This policy setting allows you specify a list of file types that should be exclu > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -549,7 +549,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -607,7 +607,7 @@ This policy setting allows you to disable real-time scanning for any file opened > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -5732,6 +5732,9 @@ If you enable this setting AM UI won't be available to users. + +[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection +[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions From 59ff3435b68c4b2749763caf3cd2e919441f33d0 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 10 May 2023 10:28:51 -0400 Subject: [PATCH 114/258] Update all links --- windows/client-management/mdm/defender-csp.md | 4 ++- ...icy-csp-admx-microsoftdefenderantivirus.md | 26 +++++++++--------- .../mdm/policy-csp-defender.md | 27 ++++++++++--------- 3 files changed, 31 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 6a1e494ea6..a94f1eed2e 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -2263,7 +2263,7 @@ Tamper protection helps protect important security features from unwanted change > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -3880,6 +3880,8 @@ Node that can be used to perform signature updates for Windows Defender. + +[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 5ab458d27a..8e1f7925f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -116,7 +116,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -247,7 +247,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -371,7 +371,7 @@ Real-time protection consists of always-on scanning with file and process behavi > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -433,7 +433,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -1592,7 +1592,7 @@ This policy setting allows you to configure behavior monitoring. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -1654,7 +1654,7 @@ This policy setting allows you to configure scanning for all downloaded files an > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -1716,7 +1716,7 @@ This policy setting allows you to configure monitoring for file and program acti > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -1838,7 +1838,7 @@ This policy setting allows you to configure process scanning when real-time prot > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -2563,7 +2563,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -3094,7 +3094,7 @@ This policy setting allows you to configure scans for malicious software and unw > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -5578,7 +5578,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -5638,7 +5638,7 @@ If you enable this setting AM UI won't show reboot notifications. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -5732,7 +5732,7 @@ If you enable this setting AM UI won't be available to users. - + [TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection [TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 87429df941..3e6b64b062 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -47,7 +47,7 @@ This policy setting allows you to configure scans for malicious software and unw > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -116,7 +116,7 @@ This policy setting allows you to configure behavior monitoring. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -198,7 +198,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -464,7 +464,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -519,7 +519,7 @@ This policy setting allows you to configure scanning for all downloaded files an > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -588,7 +588,7 @@ This policy setting allows you to configure monitoring for file and program acti > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -653,7 +653,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -784,7 +784,7 @@ Allows or disallows Windows Defender Script Scanning functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -1908,7 +1908,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -1964,7 +1964,7 @@ Allows an administrator to specify a list of directory paths to ignore during a > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -2023,7 +2023,7 @@ Allows an administrator to specify a list of files opened by processes to ignore > [!NOTE] -> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met. +> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met. @@ -2816,7 +2816,7 @@ Valid remediation action values are: > [!NOTE] -> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled. +> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. @@ -2850,6 +2850,9 @@ Valid remediation action values are: + +[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection +[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions From 80910f301d41f1d302a7d1b54c3d312bcece8e3a Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 10 May 2023 17:44:24 -0400 Subject: [PATCH 115/258] Use includes for common notes and minor tweaks --- .../mdm/Language-pack-management-csp.md | 5 +- .../client-management/mdm/bitlocker-csp.md | 288 +++--- .../mdm/certificatestore-csp.md | 4 +- .../mdm/clientcertificateinstall-csp.md | 16 +- .../mdm/devicepreparation-csp.md | 7 +- windows/client-management/mdm/dmacc-csp.md | 4 +- windows/client-management/mdm/dmclient-csp.md | 13 +- windows/client-management/mdm/firewall-csp.md | 20 +- windows/client-management/mdm/laps-csp.md | 4 +- .../mdm/passportforwork-csp.md | 25 +- .../policy-configuration-service-provider.md | 92 +- .../mdm/policy-csp-activexcontrols.md | 10 +- .../policy-csp-admx-activexinstallservice.md | 10 +- .../mdm/policy-csp-admx-addremoveprograms.md | 40 +- .../mdm/policy-csp-admx-admpwd.md | 19 +- .../mdm/policy-csp-admx-appcompat.md | 34 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 10 +- .../mdm/policy-csp-admx-appxruntime.md | 19 +- .../mdm/policy-csp-admx-attachmentmanager.md | 22 +- .../mdm/policy-csp-admx-auditsettings.md | 10 +- .../mdm/policy-csp-admx-bits.md | 49 +- .../mdm/policy-csp-admx-ciphersuiteorder.md | 13 +- .../mdm/policy-csp-admx-com.md | 13 +- .../mdm/policy-csp-admx-controlpanel.md | 19 +- .../policy-csp-admx-controlpaneldisplay.md | 79 +- .../mdm/policy-csp-admx-cpls.md | 10 +- .../policy-csp-admx-credentialproviders.md | 18 +- .../mdm/policy-csp-admx-credssp.md | 42 +- .../mdm/policy-csp-admx-credui.md | 13 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 19 +- .../mdm/policy-csp-admx-datacollection.md | 10 +- .../mdm/policy-csp-admx-dcom.md | 15 +- .../mdm/policy-csp-admx-desktop.md | 94 +- .../mdm/policy-csp-admx-devicecompat.md | 13 +- .../mdm/policy-csp-admx-deviceguard.md | 10 +- .../mdm/policy-csp-admx-deviceinstallation.md | 31 +- .../mdm/policy-csp-admx-devicesetup.md | 15 +- .../mdm/policy-csp-admx-dfs.md | 10 +- .../mdm/policy-csp-admx-digitallocker.md | 13 +- .../mdm/policy-csp-admx-diskdiagnostic.md | 13 +- .../mdm/policy-csp-admx-disknvcache.md | 21 +- .../mdm/policy-csp-admx-diskquota.md | 25 +- ...policy-csp-admx-distributedlinktracking.md | 10 +- .../mdm/policy-csp-admx-dnsclient.md | 73 +- .../mdm/policy-csp-admx-dwm.md | 25 +- .../mdm/policy-csp-admx-eaime.md | 43 +- .../mdm/policy-csp-admx-encryptfilesonmove.md | 10 +- .../mdm/policy-csp-admx-enhancedstorage.md | 25 +- .../mdm/policy-csp-admx-errorreporting.md | 94 +- .../mdm/policy-csp-admx-eventforwarding.md | 13 +- .../mdm/policy-csp-admx-eventlog.md | 70 +- .../mdm/policy-csp-admx-eventlogging.md | 10 +- .../mdm/policy-csp-admx-eventviewer.md | 16 +- .../mdm/policy-csp-admx-explorer.md | 22 +- .../mdm/policy-csp-admx-externalboot.md | 16 +- .../mdm/policy-csp-admx-filerecovery.md | 10 +- .../mdm/policy-csp-admx-filerevocation.md | 10 +- .../policy-csp-admx-fileservervssprovider.md | 10 +- .../mdm/policy-csp-admx-filesys.md | 31 +- .../mdm/policy-csp-admx-folderredirection.md | 28 +- .../mdm/policy-csp-admx-framepanes.md | 13 +- .../mdm/policy-csp-admx-fthsvc.md | 10 +- .../mdm/policy-csp-admx-globalization.md | 89 +- .../mdm/policy-csp-admx-grouppolicy.md | 141 +-- .../mdm/policy-csp-admx-help.md | 19 +- .../mdm/policy-csp-admx-helpandsupport.md | 19 +- .../mdm/policy-csp-admx-hotspotauth.md | 10 +- .../mdm/policy-csp-admx-icm.md | 87 +- .../mdm/policy-csp-admx-iis.md | 10 +- .../mdm/policy-csp-admx-iscsi.md | 43 +- .../mdm/policy-csp-admx-kdc.md | 27 +- .../mdm/policy-csp-admx-kerberos.md | 31 +- .../mdm/policy-csp-admx-lanmanserver.md | 23 +- .../mdm/policy-csp-admx-lanmanworkstation.md | 20 +- .../mdm/policy-csp-admx-leakdiagnostic.md | 11 +- ...icy-csp-admx-linklayertopologydiscovery.md | 13 +- .../policy-csp-admx-locationprovideradm.md | 10 +- .../mdm/policy-csp-admx-logon.md | 57 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 294 +++--- .../mdm/policy-csp-admx-mmc.md | 22 +- .../mdm/policy-csp-admx-mmcsnapins.md | 319 +++---- .../policy-csp-admx-mobilepcmobilitycenter.md | 13 +- ...y-csp-admx-mobilepcpresentationsettings.md | 13 +- .../mdm/policy-csp-admx-msapolicy.md | 10 +- .../mdm/policy-csp-admx-msched.md | 13 +- .../mdm/policy-csp-admx-msdt.md | 16 +- .../mdm/policy-csp-admx-msi.md | 79 +- .../mdm/policy-csp-admx-msifilerecovery.md | 10 +- .../mdm/policy-csp-admx-mss-legacy.md | 61 +- .../mdm/policy-csp-admx-nca.md | 39 +- .../mdm/policy-csp-admx-ncsi.md | 28 +- .../mdm/policy-csp-admx-netlogon.md | 114 +-- .../mdm/policy-csp-admx-networkconnections.md | 90 +- .../mdm/policy-csp-admx-offlinefiles.md | 153 ++-- .../mdm/policy-csp-admx-pca.md | 28 +- .../mdm/policy-csp-admx-peertopeercaching.md | 34 +- .../mdm/policy-csp-admx-pentraining.md | 13 +- .../policy-csp-admx-performancediagnostics.md | 19 +- .../mdm/policy-csp-admx-power.md | 86 +- ...licy-csp-admx-powershellexecutionpolicy.md | 19 +- .../mdm/policy-csp-admx-previousversions.md | 43 +- .../mdm/policy-csp-admx-printing.md | 94 +- .../mdm/policy-csp-admx-printing2.md | 34 +- .../mdm/policy-csp-admx-programs.md | 28 +- .../mdm/policy-csp-admx-pushtoinstall.md | 10 +- .../mdm/policy-csp-admx-qos.md | 64 +- .../mdm/policy-csp-admx-radar.md | 10 +- .../mdm/policy-csp-admx-reliability.md | 19 +- .../mdm/policy-csp-admx-remoteassistance.md | 15 +- .../mdm/policy-csp-admx-removablestorage.md | 103 +-- .../mdm/policy-csp-admx-rpc.md | 19 +- .../mdm/policy-csp-admx-sam.md | 12 +- .../mdm/policy-csp-admx-scripts.md | 43 +- .../mdm/policy-csp-admx-sdiageng.md | 18 +- .../mdm/policy-csp-admx-sdiagschd.md | 10 +- .../mdm/policy-csp-admx-securitycenter.md | 14 +- .../mdm/policy-csp-admx-sensors.md | 22 +- .../mdm/policy-csp-admx-servermanager.md | 21 +- .../mdm/policy-csp-admx-servicing.md | 10 +- .../mdm/policy-csp-admx-settingsync.md | 34 +- .../mdm/policy-csp-admx-sharedfolders.md | 13 +- .../mdm/policy-csp-admx-sharing.md | 13 +- ...csp-admx-shellcommandpromptregedittools.md | 19 +- .../mdm/policy-csp-admx-smartcard.md | 56 +- .../mdm/policy-csp-admx-snmp.md | 16 +- .../mdm/policy-csp-admx-soundrec.md | 13 +- .../mdm/policy-csp-admx-srmfci.md | 19 +- .../mdm/policy-csp-admx-startmenu.md | 212 ++--- .../mdm/policy-csp-admx-systemrestore.md | 10 +- .../mdm/policy-csp-admx-tabletpcinputpanel.md | 55 +- .../mdm/policy-csp-admx-tabletshell.md | 73 +- .../mdm/policy-csp-admx-taskbar.md | 73 +- .../mdm/policy-csp-admx-tcpip.md | 46 +- .../mdm/policy-csp-admx-terminalserver.md | 295 +++--- .../mdm/policy-csp-admx-thumbnails.md | 16 +- .../mdm/policy-csp-admx-touchinput.md | 19 +- .../mdm/policy-csp-admx-tpm.md | 39 +- ...y-csp-admx-userexperiencevirtualization.md | 385 +++----- .../mdm/policy-csp-admx-userprofiles.md | 36 +- .../mdm/policy-csp-admx-w32time.md | 21 +- .../mdm/policy-csp-admx-wcm.md | 17 +- .../mdm/policy-csp-admx-wdi.md | 13 +- .../mdm/policy-csp-admx-wincal.md | 13 +- .../mdm/policy-csp-admx-windowscolorsystem.md | 13 +- .../mdm/policy-csp-admx-windowsconnectnow.md | 16 +- .../mdm/policy-csp-admx-windowsexplorer.md | 220 ++--- .../mdm/policy-csp-admx-windowsmediadrm.md | 10 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 70 +- ...policy-csp-admx-windowsremotemanagement.md | 13 +- .../mdm/policy-csp-admx-windowsstore.md | 22 +- .../mdm/policy-csp-admx-wininit.md | 16 +- .../mdm/policy-csp-admx-winlogon.md | 27 +- .../mdm/policy-csp-admx-winsrv.md | 10 +- .../mdm/policy-csp-admx-wlansvc.md | 16 +- .../mdm/policy-csp-admx-wordwheel.md | 10 +- .../mdm/policy-csp-admx-workfoldersclient.md | 16 +- .../mdm/policy-csp-admx-wpn.md | 29 +- .../mdm/policy-csp-applicationmanagement.md | 4 +- .../mdm/policy-csp-appruntime.md | 10 +- .../mdm/policy-csp-appvirtualization.md | 91 +- .../mdm/policy-csp-attachmentmanager.md | 16 +- .../client-management/mdm/policy-csp-audit.md | 6 +- .../mdm/policy-csp-authentication.md | 5 +- .../mdm/policy-csp-autoplay.md | 16 +- .../client-management/mdm/policy-csp-bits.md | 4 +- .../mdm/policy-csp-browser.md | 29 +- .../mdm/policy-csp-cellular.md | 10 +- .../mdm/policy-csp-clouddesktop.md | 5 +- .../mdm/policy-csp-connectivity.md | 22 +- .../mdm/policy-csp-credentialproviders.md | 15 +- .../mdm/policy-csp-credentialsdelegation.md | 10 +- .../mdm/policy-csp-credentialsui.md | 13 +- .../mdm/policy-csp-datausage.md | 13 +- .../mdm/policy-csp-defender.md | 17 +- .../mdm/policy-csp-deliveryoptimization.md | 23 +- .../mdm/policy-csp-desktop.md | 10 +- .../mdm/policy-csp-desktopappinstaller.md | 46 +- .../mdm/policy-csp-deviceinstallation.md | 37 +- .../mdm/policy-csp-devicelock.md | 16 +- .../mdm/policy-csp-dmaguard.md | 4 +- .../mdm/policy-csp-errorreporting.md | 22 +- .../mdm/policy-csp-eventlogservice.md | 19 +- .../mdm/policy-csp-experience.md | 5 +- .../mdm/policy-csp-fileexplorer.md | 13 +- .../mdm/policy-csp-humanpresence.md | 5 +- .../mdm/policy-csp-internetexplorer.md | 843 ++++++------------ .../mdm/policy-csp-kerberos.md | 22 +- .../mdm/policy-csp-licensing.md | 4 +- ...policy-csp-localpoliciessecurityoptions.md | 5 +- .../client-management/mdm/policy-csp-lsa.md | 10 +- .../mdm/policy-csp-mixedreality.md | 17 +- .../mdm/policy-csp-mssecurityguide.md | 25 +- .../mdm/policy-csp-msslegacy.md | 19 +- .../client-management/mdm/policy-csp-power.md | 43 +- .../mdm/policy-csp-printers.md | 75 +- .../mdm/policy-csp-remoteassistance.md | 19 +- .../mdm/policy-csp-remotedesktopservices.md | 30 +- .../mdm/policy-csp-remotemanagement.md | 52 +- .../mdm/policy-csp-remoteprocedurecall.md | 13 +- .../mdm/policy-csp-remoteshell.md | 28 +- .../mdm/policy-csp-search.md | 5 +- .../mdm/policy-csp-servicecontrolmanager.md | 10 +- .../mdm/policy-csp-settingssync.md | 16 +- .../client-management/mdm/policy-csp-start.md | 7 +- .../mdm/policy-csp-storage.md | 22 +- .../mdm/policy-csp-system.md | 23 +- .../mdm/policy-csp-tenantrestrictions.md | 10 +- .../mdm/policy-csp-textinput.md | 4 +- .../mdm/policy-csp-update.md | 29 +- .../mdm/policy-csp-userrights.md | 15 +- .../mdm/policy-csp-webthreatdefense.md | 5 +- .../client-management/mdm/policy-csp-wifi.md | 4 +- .../policy-csp-windowsconnectionmanager.md | 10 +- ...olicy-csp-windowsdefendersecuritycenter.md | 4 +- .../mdm/policy-csp-windowslogon.md | 29 +- .../mdm/policy-csp-windowspowershell.md | 10 +- .../mdm/policy-csp-windowssandbox.md | 10 +- .../mdm/printerprovisioning-csp.md | 8 +- windows/client-management/mdm/supl-csp.md | 4 +- .../client-management/mdm/surfacehub-csp.md | 5 +- windows/client-management/mdm/vpnv2-csp.md | 14 +- 221 files changed, 2895 insertions(+), 5442 deletions(-) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index 5c3c9714b8..9daeb51cec 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -4,7 +4,7 @@ description: Learn more about the LanguagePackManagement CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # LanguagePackManagement CSP -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 5a8cc3daa1..f660ac2ba8 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -76,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | @@ -87,17 +87,16 @@ The following list shows the BitLocker configuration service provider nodes: -Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged-on user is non-admin/standard user. - +Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user. "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, Silent encryption is enforced. - -If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user is the current logged-on user in the system. +If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user +is the current logged on user in the system. The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. - -0 = This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. +0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy +will not try to enable encryption on any drive. @@ -109,7 +108,7 @@ The expected values for this policy are: | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [AllowWarningForOtherDiskEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/AllowWarningForOtherDiskEncryption`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -120,7 +119,7 @@ The expected values for this policy are: | Value | Description | |:--|:--| -| 0 (Default) | This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. | +| 0 (Default) | This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive. | | 1 | "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. | @@ -154,7 +153,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | @@ -173,8 +172,7 @@ This policy setting allows suspending protection for BitLocker Drive Encryption The expected values for this policy are: 0 = Prevent BitLocker Drive Encryption protection from being suspended. - -1 = This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. +1 = This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. @@ -186,7 +184,7 @@ The expected values for this policy are: | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -197,7 +195,7 @@ The expected values for this policy are: | Value | Description | |:--|:--| | 0 | Prevent BitLocker Drive Encryption protection from being suspended. | -| 1 (Default) | This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. | +| 1 (Default) | This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. | @@ -212,7 +210,7 @@ The expected values for this policy are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -227,17 +225,17 @@ Allows Admin to disable all UI (notification for encryption and warning prompt f and turn on encryption on the user machines silently. > [!WARNING] -> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows. +> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will +require reinstallation of Windows. > [!NOTE] > This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. The expected values for this policy are: -1 = This is the default, when the policy isn't set. Warning prompt and encryption notification is allowed. - -0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, the value 0 only takes effect on Azure Active Directory joined devices. - +1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. +0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, +the value 0 only takes affect on Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0. @@ -260,7 +258,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -301,7 +299,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -313,14 +311,12 @@ Windows will attempt to silently enable BitLocker for value 0. Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices. - -When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required. - -For OS drive: Turn on "don't enable Bitlocker until recovery information is stored to AD DS for operating system drives" -For Fixed drives: Turn on "don't enable Bitlocker until recovery information is stored to AD DS for fixed data drives" +When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when +Active Directory back up for recovery password is configured to required. +For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" +For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" Supported Values: 0 - Numeric Recovery Passwords rotation OFF. - 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices @@ -334,7 +330,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -361,7 +357,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -374,11 +370,11 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -417,12 +413,12 @@ Sample value for this node to enable this policy and set the encryption methods | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -467,7 +463,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -480,9 +476,9 @@ To disable this policy, use the following SyncML: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. -- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -510,12 +506,12 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -542,7 +538,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -559,18 +555,18 @@ The "Allow data recovery agent" check box is used to specify whether a data reco In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. -Select the "don't enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. > [!NOTE] -> If the "don't enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. +> If the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives. -- If this policy setting isn't configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. +- If this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. @@ -619,12 +615,12 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -669,7 +665,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -682,9 +678,9 @@ To disable this policy, use the following SyncML: This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. -- If you enable this policy setting, all fixed data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. -- If you disable or don't configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. +- If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. @@ -697,12 +693,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -747,7 +743,7 @@ To disable this policy, use hte following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -758,9 +754,9 @@ To disable this policy, use hte following SyncML: -This policy setting allows you to associate unique organizational identifiers to a new drive that's enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. +This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. -The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It's a comma separated list of identification fields from your organization or other external organizations. +The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It is a comma separated list of identification fields from your organization or other external organizations. You can configure the identification fields on existing drives by using [manage-bde](/windows-server/administration/windows-commands/manage-bde).exe. @@ -768,7 +764,7 @@ You can configure the identification fields on existing drives by using [manage- When a BitLocker-protected drive is mounted on another BitLocker-enabled computer the identification field and allowed identification field will be used to determine whether the drive is from an outside organization. -- If you disable or don't configure this policy setting, the identification field isn't required. +- If you disable or do not configure this policy setting, the identification field is not required. > [!NOTE] > Identification fields are required for management of certificate-based data recovery agents on BitLocker-protected drives. BitLocker will only manage and update certificate-based data recovery agents when the identification field is present on a drive and is identical to the value configured on the computer. The identification field can be any value of 260 characters or fewer. @@ -795,12 +791,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -827,7 +823,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -842,9 +838,9 @@ This policy setting controls the use of BitLocker on removable data drives. This When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. For information about suspending BitLocker protection, see [BitLocker Basic Deployment](/windows/security/information-protection/bitlocker/bitlocker-basic-deployment). -- If you don't configure this policy setting, users can use BitLocker on removable disk drives. +- If you do not configure this policy setting, users can use BitLocker on removable disk drives. -- If you disable this policy setting, users can't use BitLocker on removable disk drives. +- If you disable this policy setting, users cannot use BitLocker on removable disk drives. @@ -868,12 +864,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -900,7 +896,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -913,9 +909,9 @@ Sample value for this node to enable this policy is: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. -- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -938,13 +934,13 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [BDEAllowed] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/RemovableDrivesConfigureBDE`
Dependency Allowed Value Type: `ADMX`
| -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -971,7 +967,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -982,7 +978,7 @@ Possible values: -When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices can't be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user won't be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. +When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices cannot be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user will not be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. @@ -994,7 +990,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -1011,7 +1007,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -1024,11 +1020,11 @@ When enabled, allows you to exclude removable drives and devices connected over This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -1057,12 +1053,12 @@ The possible values for 'xx' are: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1107,7 +1103,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -1123,7 +1119,7 @@ Allows the Admin to require encryption to be turned on using BitLocker\Device En Sample value for this node to enable this policy: 1 -Disabling the policy won't turn off the encryption on the system drive. But will stop prompting the user to turn it on. +Disabling the policy will not turn off the encryption on the system drive. But will stop prompting the user to turn it on. @@ -1148,7 +1144,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1158,7 +1154,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Value | Description | |:--|:--| -| 0 (Default) | Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes. | +| 0 (Default) | Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes. | | 1 | Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on AllowWarningForOtherDiskEncryption policy). | @@ -1199,7 +1195,7 @@ To disable RequireDeviceEncryption: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -1213,11 +1209,10 @@ To disable RequireDeviceEncryption: Allows the Admin to require storage card encryption on the device. This policy is only valid for mobile SKU. - Sample value for this node to enable this policy: 1 -Disabling the policy won't turn off the encryption on the storage card. But will stop prompting the user to turn it on. +Disabling the policy will not turn off the encryption on the storage card. But will stop prompting the user to turn it on. @@ -1229,7 +1224,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1239,7 +1234,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will | Value | Description | |:--|:--| -| 0 (Default) | Storage cards don't need to be encrypted. | +| 0 (Default) | Storage cards do not need to be encrypted. | | 1 | Require storage cards to be encrypted. | @@ -1255,7 +1250,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -1267,12 +1262,11 @@ Disabling the policy won't turn off the encryption on the storage card. But will Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device. - This policy is Execute type and rotates all numeric passwords when issued from MDM tools. The policy only comes into effect when Active Directory backup for a recovery password is configured to "required." -- For OS drives, enable "don't enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." -- For fixed drives, enable "don't enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." +- For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." +- For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: @@ -1309,7 +1303,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Exec | @@ -1325,7 +1319,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | @@ -1347,7 +1341,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Get | @@ -1363,7 +1357,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | @@ -1375,7 +1369,6 @@ Supported Values: String form of request ID. Example format of request ID is GUI This node reports compliance state of device encryption on the system. - Value '0' means the device is compliant. Any other value represents a non-compliant device. @@ -1409,7 +1402,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Get | @@ -1425,7 +1418,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1448,7 +1441,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Get | @@ -1464,7 +1457,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -1476,8 +1469,8 @@ This node reports compliance state of removal drive encryption. "0" Value means This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. - -This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus To ensure the status is correctly matched to the request ID. +This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus +To ensure the status is correctly matched to the request ID. @@ -1489,7 +1482,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Get | @@ -1505,7 +1498,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -1517,7 +1510,6 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta This Node reports the status of RotateRecoveryPasswords request. - Status code can be one of the following: NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. @@ -1531,7 +1523,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Property name | Property value | |:--|:--| -| Format | `int` | +| Format | int | | Access Type | Get | @@ -1547,7 +1539,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1558,13 +1550,13 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. -This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they're able to provide the existing PIN first. +This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. -- If you enable this policy setting, standard users won't be allowed to change BitLocker PINs or passwords. +- If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. -- If you disable or don't configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. +- If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. @@ -1580,12 +1572,12 @@ Sample value for this node to disable this policy is: `` | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1612,7 +1604,7 @@ Sample value for this node to disable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1629,9 +1621,9 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the - If you enable this policy setting, devices must have an alternative means of pre-boot input (such as an attached USB keyboard). -- If this policy isn't enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment isn't enabled and this policy isn't enabled, you can't turn on BitLocker on a device that uses the Windows touch keyboard. +- If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. -Note that if you don't enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: +Note that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: - Configure TPM startup PIN: Required/Allowed - Configure TPM startup key and PIN: Required/Allowed @@ -1648,12 +1640,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1680,7 +1672,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1695,7 +1687,7 @@ This policy setting allows users on devices that are compliant with InstantGo or - If you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication. -- If this policy isn't enabled, the options of "Require additional authentication at startup" policy apply. +- If this policy is not enabled, the options of "Require additional authentication at startup" policy apply. @@ -1708,12 +1700,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1740,7 +1732,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1753,9 +1745,9 @@ Sample value for this node to enable this policy is: `` This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. -- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -1784,12 +1776,12 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1816,7 +1808,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1834,9 +1826,9 @@ Enhanced startup PINs permit the use of characters including uppercase and lower - If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs. > [!NOTE] -> Not all computers may support enhanced PINs in the pre-boot environment. It's strongly recommended that users perform a system check during BitLocker setup. +> Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup. -- If you disable or don't configure this policy setting, enhanced PINs won't be used. +- If you disable or do not configure this policy setting, enhanced PINs will not be used. @@ -1849,12 +1841,12 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1881,7 +1873,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -1896,7 +1888,7 @@ This policy setting allows you to configure a minimum length for a Trusted Platf - If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. -- If you disable or don't configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. +- If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. > [!NOTE] > If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. @@ -1919,12 +1911,12 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1968,7 +1960,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -1988,7 +1980,7 @@ If you select the "Use custom recovery message" option, the message you type in If you select the "Use custom recovery URL" option, the URL you type in the "Custom recovery URL option" text box will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen. > [!NOTE] -> Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. +> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. @@ -2028,12 +2020,12 @@ The possible value for 'yy' and 'zz' is a string of max length 900 and 500 respe | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2077,7 +2069,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -2094,18 +2086,18 @@ The "Allow certificate-based data recovery agent" check box is used to specify w In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services", choose which BitLocker recovery information to store in AD DS for operating system drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. -Select the "don't enable BitLocker until recovery information is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. > [!NOTE] -> If the "don't enable BitLocker until recovery information is stored in AD DS for operating system drives" check box is selected, a recovery password is automatically generated. +> If the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check box is selected, a recovery password is automatically generated. - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives. -- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. +- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. @@ -2153,12 +2145,12 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2203,7 +2195,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | @@ -2225,7 +2217,7 @@ On a computer with a compatible TPM, four types of authentication methods can be - If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard. -- If you disable or don't configure this policy setting, users can configure only basic options on computers with a TPM. +- If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM. > [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool [manage-bde](/windows-server/administration/windows-commands/manage-bde) instead of the BitLocker Drive Encryption setup wizard. @@ -2273,12 +2265,12 @@ The possible values for 'yy' are: | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | -[!INCLUDE [ADMX Backed Policy Tip](includes/mdm-admx-policy-note.md)] +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 2ea3f57533..377db193e9 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -4,7 +4,7 @@ description: Learn more about the CertificateStore CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1766,7 +1766,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s -The base64 Encoded X.509 certificate. **Note** that though during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node, properly enroll a client certificate including private needs a cert enroll protocol handle it or user installs it manually. In WP, the server cannot purely rely on CertificateStore CSP to install a client certificate including private key. +The base64 Encoded X.509 certificate. Note that though during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node, properly enroll a client certificate including private needs a cert enroll protocol handle it or user installs it manually. In WP, the server cannot purely rely on CertificateStore CSP to install a client certificate including private key. diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 630acc3431..40ffe17423 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the ClientCertificateInstall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -299,7 +299,6 @@ Required. If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate - @@ -1171,7 +1170,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. -Optional. Specify where to keep the private key. **Note** that even it is protected by TPM, it is not guarded with TPM PIN. +Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. SCEP enrolled cert doesn't support TPM PIN protection. @@ -1466,7 +1465,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ -Optional. OID of certificate template name. **Note** that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn't need to provide it. +Optional. OID of certificate template name. Note that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn't need to provide it. @@ -1556,7 +1555,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio -Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. **Note** the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. +Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. > [!NOTE] > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. @@ -1859,7 +1858,6 @@ Required. If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate - @@ -2729,7 +2727,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. -Optional. Specify where to keep the private key. **Note** that even it is protected by TPM, it is not guarded with TPM PIN. +Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. SCEP enrolled cert doesn't support TPM PIN protection. @@ -3024,7 +3022,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ -Optional. OID of certificate template name. **Note** that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn't need to provide it. +Optional. OID of certificate template name. Note that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn't need to provide it. @@ -3114,7 +3112,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio -Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. **Note** the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. +Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. > [!NOTE] > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md index a6be4ec54b..18d2b86d9b 100644 --- a/windows/client-management/mdm/devicepreparation-csp.md +++ b/windows/client-management/mdm/devicepreparation-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DevicePreparation CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # DevicePreparation CSP -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -291,7 +290,7 @@ The subnode configures the settings for the MDMProvider. -Noode for reporting progress status as opaque data. +Node for reporting progress status as opaque data. diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 488633b587..838664e59a 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DMAcc CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1434,7 +1434,7 @@ This node specifies whether the DM client can use the nonce resynchronization pr resynchronization is disabled and authentication of the server notification fails, the notification is dropped. Possible Values: false (default) : Nonce resynchronization is disabled. -true : Nonce resynchronization is enabled. +true: Nonce resynchronization is enabled. diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index ff2a647808..4b4fbefe7c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DMClient CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # DMClient CSP -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -1921,7 +1920,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Value | Description | |:--|:--| | false | The device is not finished provisioning. | -| true | The device has finished provisoining. | +| true | The device has finished provisioning. | @@ -2206,7 +2205,7 @@ Force device to send device AAD token during check-in as a separate header. |:--|:--| | 0 | ForceAadTokenNotDefined: the value is not defined(default). | | 1 | AlwaysSendAadDeviceTokenCheckIn: always send AAD device token during check-in as a separate header section(not as Bearer token). | -| 2 | Reserved for future. AlwaysSendAadUserTokenCheckin: always send AAD user token during check-in as a separate header section(not as Bearer toekn). | +| 2 | Reserved for future. AlwaysSendAadUserTokenCheckin: always send AAD user token during check-in as a separate header section(not as Bearer token). | | 4 | SendAadDeviceTokenForAuth: to replace AADSendDeviceToken, send AAD Device token for auth as Bearer token. | | 8 | Reserved for future. ForceAadTokenMaxAllowed: max value allowed. | @@ -2563,7 +2562,7 @@ return the last error for enroll/unenroll. -Optional. Allowed value is 0 or 1. 0 means the main enrollment has authority for mdm settings and resources, 1 means the linked enrollment has authority. +Optional. Allowed value is 0 or 1. 0 means the main enrollment has authority for MDM settings and resources, 1 means the linked enrollment has authority. @@ -4587,7 +4586,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Value | Description | |:--|:--| | false | The user is not finished provisioning. | -| true | The user has finished provisoining. | +| true | The user has finished provisioning. | diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index dd6206ae17..6d3ab4b908 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2030,9 +2030,9 @@ If more than one interface type is specified, the strings must be separated by a -Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "\*" is the default value. Valid tokens include: -"*" indicates any local address. If present, this must be the only token included. +"\*" indicates any local address. If present, this must be the only token included. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. A valid IPv6 address. @@ -2119,7 +2119,7 @@ When setting this field in a firewall rule, the protocol field must also be set, Specifies the list of authorized local users for the app container. -This is a string in Security Descriptor Definition Language (SDDL) format.. +This is a string in Security Descriptor Definition Language (SDDL) format\. @@ -2369,8 +2369,8 @@ Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying th -Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: -"*" indicates any remote address. If present, this must be the only token included. +Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include: +"\*" indicates any remote address. If present, this must be the only token included. "Defaultgateway" "DHCP" "DNS" @@ -3270,9 +3270,9 @@ If not specified - a new rule is disabled by default. -Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "\*" is the default value. Valid tokens include: -"*" indicates any local address. If present, this must be the only token included. +"\*" indicates any local address. If present, this must be the only token included. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. A valid IPv6 address. @@ -3526,8 +3526,8 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ -Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: -"*" indicates any remote address. If present, this must be the only token included. +Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include: +"\*" indicates any remote address. If present, this must be the only token included. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. A valid IPv6 address. An IPv4 address range in the format of "start address - end address" with no spaces included. diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 004ac731d2..41e10a9f37 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/07/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -285,7 +285,7 @@ If not specified, the default built-in local administrator account will be locat If specified, the specified account's password will be managed. -**Note** if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting will not cause the account to be created. +Note if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting will not cause the account to be created. diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index e172fe94a5..e55a44f67b 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # PassportForWork CSP -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -422,7 +421,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. -- If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. +If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -560,7 +559,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. @@ -712,7 +711,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. @@ -768,7 +767,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. @@ -1282,7 +1281,7 @@ This setting determines whether enhanced anti-spoofing is required for Windows H - If you disable or do not configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. -**Note** that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. +Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. @@ -1588,7 +1587,7 @@ Dynamic Lock. -Enables/Disables Dyanamic Lock. +Enables/Disables Dynamic Lock. @@ -2004,7 +2003,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. -- If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. +If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -2142,7 +2141,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. @@ -2294,7 +2293,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. @@ -2350,7 +2349,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. -- If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. +If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6dfdadfe54..34f29ece12 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4,7 +4,7 @@ description: Learn more about the Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -80,7 +80,7 @@ The following list shows the Policy configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -103,7 +103,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | @@ -119,7 +119,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -130,7 +130,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -142,7 +142,7 @@ The area group that can be configured by a single technology for a single provid | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -159,7 +159,7 @@ The area group that can be configured by a single technology for a single provid | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -190,7 +190,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | `null` | +| Format | null | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -207,7 +207,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -230,7 +230,7 @@ The root node for grouping different configuration operations. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | @@ -246,7 +246,7 @@ The root node for grouping different configuration operations. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | @@ -257,7 +257,7 @@ The root node for grouping different configuration operations. -Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that's added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. +Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. @@ -273,7 +273,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | @@ -289,7 +289,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | @@ -312,7 +312,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. | @@ -329,7 +329,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | @@ -352,7 +352,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -369,7 +369,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | @@ -392,7 +392,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -409,7 +409,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -432,7 +432,7 @@ Properties of Win32 App ADMX Ingestion. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | @@ -448,7 +448,7 @@ Properties of Win32 App ADMX Ingestion. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -471,7 +471,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -488,7 +488,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -511,7 +511,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -528,7 +528,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | @@ -551,7 +551,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | chr (string) | | Access Type | Add, Delete, Get, Replace | @@ -567,7 +567,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -590,7 +590,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Get | @@ -606,7 +606,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -629,7 +629,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -646,7 +646,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | @@ -669,7 +669,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | `null` | +| Format | null | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -686,7 +686,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -709,7 +709,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | @@ -725,7 +725,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -736,7 +736,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -756,7 +756,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -773,7 +773,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -796,7 +796,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | `null` | +| Format | null | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -813,7 +813,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -836,7 +836,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Get | @@ -852,7 +852,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -875,7 +875,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | `node` | +| Format | node | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -892,7 +892,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | @@ -915,7 +915,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | `null` | +| Format | null | | Access Type | Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 6432707d70..4fa248b41e 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -4,7 +4,7 @@ description: Learn more about the ActiveXControls Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ActiveXControls -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting determines which ActiveX installation sites standard users i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index ad05a61b1f..f44fba1e66 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ActiveXInstallService Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ActiveXInstallService -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index d1170a124f..12cee81f73 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AddRemovePrograms Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AddRemovePrograms -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ You can use this setting to direct users to the programs they are most likely to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ This setting does not prevent users from using other tools and methods to add or -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -195,8 +190,7 @@ This setting does not prevent users from using other tools and methods to connec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -262,8 +256,7 @@ Published programs are those programs that the system administrator has explicit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -324,8 +317,7 @@ This setting does not prevent users from using other tools and methods to instal -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -390,8 +382,7 @@ This setting does not prevent users from using other tools and methods to instal -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -454,8 +445,7 @@ This setting does not prevent the Set Program Access and Defaults icon from appe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -516,8 +506,7 @@ This setting does not prevent users from using other tools and methods to delete -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -585,8 +574,7 @@ To remove "Set up services" and prevent the Windows Component Wizard from starti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -648,8 +636,7 @@ If you disable this setting or do not configure it, the Support Info hyperlink a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -710,8 +697,7 @@ This setting does not prevent users from using other tools and methods to config -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index 747cb54e0e..cac09f39c5 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AdmPwd Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AdmPwd -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -62,8 +59,7 @@ If you disable or not configure this setting, local administrator password is NO -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -116,8 +112,7 @@ When you disable or don't configure this setting, password expiration time may b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -170,8 +165,7 @@ When you disable or don't configure this setting, password expiration time may b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -226,8 +220,7 @@ If you disable or not configure this setting, local administrator password is NO -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index d864def13f..3347483928 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppCompat Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AppCompat -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -128,8 +124,7 @@ The compatibility property page displays a list of options that can be selected -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -192,8 +187,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -259,8 +253,7 @@ This option is useful to server administrators who require faster performance an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -315,8 +308,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -380,8 +372,7 @@ The PCA monitors applications run by the user. When a potential compatibility is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -445,8 +436,7 @@ The Inventory Collector inventories applications, files, devices, and drivers on -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -511,8 +501,7 @@ Please reboot the system after changing the setting to ensure that your system a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -573,8 +562,7 @@ Steps Recorder keeps a record of steps taken by the user. The data generated by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index fb99a07c57..13d4e6da46 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AppxPackageManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ User profiles for the Guest account and members of the Guests group -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index b440390a21..539bd887fd 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppXRuntime Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/12/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AppXRuntime -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting lets you control whether Windows Store apps can open files u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy should not be enabled unless recommended by Microsoft as a security -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This policy setting lets you control whether Windows Store apps can open URIs us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index e6f792fa8b..9e7e114b62 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AttachmentManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AttachmentManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ Using both the file handler and type data is the most restrictive option. Window -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -138,8 +134,7 @@ Low Risk: If the attachment is in the list of low-risk file types, Windows will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -199,8 +194,7 @@ This policy setting allows you to configure the list of high-risk file types. If -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ This policy setting allows you to configure the list of low-risk file types. If -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -321,8 +314,7 @@ This policy setting allows you to configure the list of moderate-risk file types -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 9df41c0e25..9a29e37336 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AuditSettings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_AuditSettings -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ Default: Not configured -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 53f320034a..25dab08d2d 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Bits Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Bits -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This setting affects whether the BITS client is allowed to use Windows Branch Ca -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -192,8 +187,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -254,8 +248,7 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -319,8 +312,7 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -383,8 +375,7 @@ You can specify a limit to use for background jobs during a maintenance schedule -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -445,8 +436,7 @@ You can specify a limit to use for background jobs during a work schedule. For e -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -508,8 +498,7 @@ This policy setting limits the maximum amount of disk space that can be used for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -570,8 +559,7 @@ This policy setting limits the maximum age of files in the Background Intelligen -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -633,8 +621,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -695,8 +682,7 @@ This policy setting limits the number of files that a BITS job can contain. By d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -757,8 +743,7 @@ This policy setting limits the number of BITS jobs that can be created for all u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -819,8 +804,7 @@ This policy setting limits the number of BITS jobs that can be created by a user -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -881,8 +865,7 @@ This policy setting limits the number of ranges that can be added to a file in a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 4381ecdcb1..daa8d23044 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CipherSuiteOrder Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_CipherSuiteOrder -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Link for all the cipherSuites: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -134,8 +130,7 @@ CertUtil.exe -DisplayEccCurve. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 3ee1a98a1d..f016f7dfca 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_COM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_COM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 07bb2c18f1..2c700395ec 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ControlPanel -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -74,8 +71,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -139,8 +135,7 @@ This policy setting controls the default Control Panel view, whether by category -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -209,8 +204,7 @@ If users try to select a Control Panel item from the Properties item on a contex -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -278,8 +272,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index e751b4fa8b..d3031f09d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ControlPanelDisplay -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -121,8 +117,7 @@ This setting prevents users from using Control Panel to add, configure, or chang -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -183,8 +178,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -246,8 +240,7 @@ This setting disables the theme gallery in the Personalization Control Panel. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -306,8 +299,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -370,8 +362,7 @@ Also, see the "Prevent changing Screen Saver" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -435,8 +426,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -494,8 +484,7 @@ Prevents users from changing the size of the font in the windows and buttons dis -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -554,8 +543,7 @@ If you enable this setting, the user will not be able to change their lock scree -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -618,8 +606,7 @@ If the "Force a specific Start background" policy is also set on a supported ver -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -680,8 +667,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -747,8 +733,7 @@ Also, see the "Allow only bitmapped wallpaper" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -809,8 +794,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -869,8 +853,7 @@ This policy setting controls whether the lock screen appears for users. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -929,8 +912,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -987,8 +969,7 @@ This setting prevents users from using Control Panel to add, configure, or chang -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1047,8 +1028,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1107,8 +1087,7 @@ If this setting is enabled, the background and accent colors of Windows will be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1174,8 +1153,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1244,8 +1222,7 @@ When not configured, whatever wait time is set on the client through the Screen -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1310,8 +1287,7 @@ If the specified screen saver is not installed on a computer to which this setti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1373,8 +1349,7 @@ Specifies which theme file is applied to the computer the first time a user logs -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1443,8 +1418,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1502,8 +1476,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 7f08bf470b..3ec9c6ecea 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Cpls Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Cpls -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting allows an administrator to standardize the account pictures -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 90a95f4010..5d2b50bda2 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredentialProviders Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_CredentialProviders -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This policy setting allows you to control whether a user can change the time bef -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -130,8 +126,7 @@ This policy setting allows the administrator to assign a specified credential pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -171,7 +166,7 @@ This policy setting allows the administrator to assign a specified credential pr This policy setting allows the administrator to exclude the specified credential providers from use during authentication. -**Note** credential providers are used to process and validate user +Note credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional @@ -199,8 +194,7 @@ credential providers available for authentication purposes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 336f4f912a..2503db801f 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredSsp Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_CredSsp -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -78,8 +75,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -148,8 +144,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -195,7 +190,7 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att If you enable this policy setting, CredSSP version support will be selected based on the following options: -Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. **Note** this setting should not be deployed until all remote hosts support the newest version. +Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note this setting should not be deployed until all remote hosts support the newest version. Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. @@ -218,8 +213,7 @@ For more information about the vulnerability and servicing requirements for prot -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -290,8 +284,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -362,8 +355,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -434,8 +426,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -506,8 +497,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -576,8 +566,7 @@ This policy setting can be used in combination with the "Allow delegating defaul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -646,8 +635,7 @@ This policy setting can be used in combination with the "Allow delegating fresh -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -716,8 +704,7 @@ This policy setting can be used in combination with the "Allow delegating saved -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -791,8 +778,7 @@ Require Restricted Admin: Participating applications must use Restricted Admin t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index dfe52973d8..c44cb3ba10 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredUI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_CredUI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -122,8 +118,7 @@ If you turn this policy setting on, local users won't be able to set up and use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 84347d6bd5..aad9cb3504 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CtrlAltDel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_CtrlAltDel -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ However, users are still able to change their password when prompted by the syst -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -128,8 +124,7 @@ While locked, the desktop is hidden and the system cannot be used. Only the user -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -190,8 +185,7 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -252,8 +246,7 @@ Also, see the 'Remove Logoff on the Start Menu' policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index fcae6c76a0..fa46076a6e 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DataCollection Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DataCollection -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ If you disable or do not configure this policy setting, then Microsoft will not -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index 57e6837e05..c922711dfd 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DCOM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DCOM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ Allows you to specify that local computer administrators can supplement the "Def -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -115,7 +111,7 @@ DCOM server appids added to this policy must be listed in curly-brace format. Fo - If you do not configure this policy setting, the appid exemption list defined by local computer administrators is used. -**Note**: +Note: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. @@ -139,8 +135,7 @@ DCOM servers added to this exemption list are only exempted if their custom laun -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 4a0662062e..1d524fa141 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Desktop Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Desktop -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ This setting is designed to let users search Active Directory but not tempt them -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -191,8 +186,7 @@ This setting is designed to protect the network and the domain controller from t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -253,8 +247,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -316,8 +309,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -374,8 +366,7 @@ This is a comprehensive setting that locks down the configuration you establish -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -438,8 +429,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -501,8 +491,7 @@ Prevents users from using the Desktop Cleanup Wizard. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -559,8 +548,7 @@ This setting does not prevent the user from starting Internet Explorer by using -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -624,8 +612,7 @@ This setting hides Computer from the desktop and from the new Start menu. It als -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -689,8 +676,7 @@ This setting does not remove the My Documents icon from the Start menu. To do so -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -750,8 +736,7 @@ This setting only affects the desktop icon. It does not prevent users from conne -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -810,8 +795,7 @@ This setting hides Properties on the context menu for Computer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -874,8 +858,7 @@ Clicks the My Documents icon, and then presses ALT+ENTER. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -934,8 +917,7 @@ Remote shared folders are not added to Network Locations whenever you open a doc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -997,8 +979,7 @@ This setting does not prevent the user from using other methods to gain access t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1057,8 +1038,7 @@ Removes the Properties option from the Recycle Bin context menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1115,8 +1095,7 @@ If you enable this setting, users can change the desktop, but some changes, such -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1175,8 +1154,7 @@ Prevents windows from being minimized or restored when the active window is shak -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1241,8 +1219,7 @@ You can also use this setting to delete particular Web-based items from users' d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1300,8 +1277,7 @@ Also, see the "Disable all items" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1363,8 +1339,7 @@ If you enable this setting, items added to the desktop cannot be closed; they al -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1425,8 +1400,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1483,8 +1457,7 @@ This setting disables the Properties button on the Web tab in Display in Control -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1544,8 +1517,7 @@ This setting removes all Active Desktop items from the desktop. It also removes -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1610,8 +1582,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1673,8 +1644,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1731,8 +1701,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1798,8 +1767,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index c7ba19f2ce..c1599d017c 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceCompat Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DeviceCompat -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -115,8 +111,7 @@ Changes behavior of 3rd-party drivers to work around incompatibilities introduce -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 35e1379f3c..a3552e0e6c 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceGuard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DeviceGuard -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -72,8 +69,7 @@ If using a signed and protected policy then disabling this policy setting doesn' -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index e0d3710fed..a8f9d96912 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceInstallation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DeviceInstallation -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting allows you to determine whether members of the Administrator -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ This policy setting allows you to display a custom message to users in a notific -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -184,8 +179,7 @@ This policy setting allows you to display a custom message title in a notificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -243,8 +237,7 @@ This policy setting allows you to configure the number of seconds Windows waits -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -305,8 +298,7 @@ This policy setting establishes the amount of time (in seconds) that the system -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -370,8 +362,7 @@ This policy setting allows you to prevent Windows from installing removable devi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -430,8 +421,7 @@ This policy setting allows you to prevent Windows from creating a system restore -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -490,8 +480,7 @@ This policy setting specifies a list of device setup class GUIDs describing driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 658452c874..c8eaa4c96c 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceSetup Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DeviceSetup -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to turn off "Found New Hardware" balloons during -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -106,7 +102,7 @@ This policy setting allows you to specify the order in which Windows searches so - If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. -**Note** that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. +Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system. @@ -127,8 +123,7 @@ If the setting for searching only if needed is specified, then Windows will sear -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index a1bfa5be48..424decf97a 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DFS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DFS -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting allows you to configure how often a Distributed File System -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 78e62e2a1a..27e75b70be 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DigitalLocker Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DigitalLocker -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 01ef255643..1dec1d3d3f 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskDiagnostic Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DiskDiagnostic -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -142,8 +138,7 @@ This policy setting takes effect only when the DPS is in the running state. When -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 04aee2cb1f..1f77b069a2 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskNVCache Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DiskNVCache -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ This policy setting turns off the boot and resume optimizations for the hybrid h -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -198,8 +193,7 @@ This policy setting turns off all support for the non-volatile (NV) cache on all -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -241,7 +235,7 @@ This policy setting turns off the solid state mode for the hybrid hard disks. - If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. -- If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. **Note** that this can cause increased wear of the NV cache. +- If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. Note that this can cause increased wear of the NV cache. - If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. @@ -263,8 +257,7 @@ This policy setting turns off the solid state mode for the hybrid hard disks. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index 30316a20e8..aaf1463c9c 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskQuota Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DiskQuota -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -73,8 +70,7 @@ To prevent users from changing the setting while a setting is in effect, the sys -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -142,8 +138,7 @@ Enforcement is optional. When users reach an enforced disk quota limit, the syst -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -210,8 +205,7 @@ This policy setting is effective only when disk quota management is enabled on t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -277,8 +271,7 @@ Also, this policy setting does not affect the Quota Entries window on the Quota -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -343,8 +336,7 @@ This policy setting does not affect the Quota Entries window on the Quota tab. E -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -404,8 +396,7 @@ If you disable or do not configure this policy setting, the disk quota policies -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 60915bf0cb..e1db98c378 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DistributedLinkTracking Area in Policy CS author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DistributedLinkTracking -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -60,8 +57,7 @@ Specifies that Distributed Link Tracking clients in this domain may use the Dist -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index c9dacb52a6..500e7c6cd8 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DnsClient Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DnsClient -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -193,8 +188,7 @@ To use this policy setting, click Enabled, and then enter a string value represe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -270,8 +264,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -330,8 +323,7 @@ Specifies whether the DNS client should convert internationalized domain names ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -390,8 +382,7 @@ Specifies whether the DNS client should convert internationalized domain names ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -452,8 +443,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -514,8 +504,7 @@ Specifies that responses from link local name resolution protocols received over -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -581,8 +570,7 @@ You can use this policy setting to prevent users, including local administrators -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -647,8 +635,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -717,8 +704,7 @@ Register only if A record registration succeeds: Computers will attempt to regis -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -776,8 +762,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -840,8 +825,7 @@ During dynamic update of resource records in a zone that does not use Secure Dyn -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -907,8 +891,7 @@ To specify the registration refresh interval, click Enabled and then enter a val -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -968,8 +951,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1033,8 +1015,7 @@ To use this policy setting, click Enabled, and then enter a string value represe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1092,8 +1073,7 @@ Specifies that a multi-homed DNS client should optimize name resolution across n -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1155,8 +1135,7 @@ Specifies that the DNS client should prefer responses from link local name resol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1223,8 +1202,7 @@ Only secure - computers send only secure dynamic updates. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1284,8 +1262,7 @@ By default, a DNS client that is configured to perform dynamic DNS update will u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1362,8 +1339,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1424,8 +1400,7 @@ LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent usin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index eccb350bf2..1f17f0e7fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DWM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_DWM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting controls the default color for window frames when the user d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ This policy setting controls the default color for window frames when the user d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -191,8 +186,7 @@ Changing this policy setting requires a logoff for it to be applied. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -253,8 +247,7 @@ Changing this policy setting requires a logoff for it to be applied. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -316,8 +309,7 @@ This policy setting controls the ability to change the color of window frames. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -379,8 +371,7 @@ This policy setting controls the ability to change the color of window frames. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 3592fb1a73..2578137e94 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EAIME Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EAIME -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ This policy setting applies to Japanese Microsoft IME only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -145,8 +141,7 @@ This policy setting applies to Japanese Microsoft IME only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -213,8 +208,7 @@ This policy setting is applied to Japanese Microsoft IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -278,8 +272,7 @@ This policy setting applies to Japanese Microsoft IME only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -345,8 +338,7 @@ This policy setting applies to Japanese Microsoft IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -409,8 +401,7 @@ This policy setting is applied to Japanese Microsoft IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -471,8 +462,7 @@ This policy setting applies to Japanese Microsoft IME only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -535,8 +525,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -599,8 +588,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -664,8 +652,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -724,8 +711,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -781,8 +767,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 0c9580b962..adb6e26f60 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EncryptFilesonMove Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EncryptFilesonMove -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This setting applies only to files moved within a volume. When files are moved t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 72b2d0f856..3d25fc4f8d 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EnhancedStorage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EnhancedStorage -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -183,8 +178,7 @@ This policy setting configures whether or not a password can be used to unlock a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -243,8 +237,7 @@ This policy setting configures whether or not non-Enhanced Storage removable dev -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -305,8 +298,7 @@ This policy setting is supported in Windows Server SKUs only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -365,8 +357,7 @@ This policy setting configures whether or not only USB root hub connected Enhanc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 17b77f1279..dfe6b2bced 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ErrorReporting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ErrorReporting -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ For related information, see the Configure Error Reporting and Report Operating -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -130,8 +126,7 @@ This policy setting controls Windows Error Reporting behavior for errors in gene -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -197,8 +192,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -279,8 +273,7 @@ See related policy settings Display Error Notification (same folder as this poli -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -342,8 +335,7 @@ See also the Configure Error Reporting policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -402,8 +394,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -462,8 +453,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -522,8 +512,7 @@ This policy setting controls whether memory dumps in support of OS-generated err -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -582,8 +571,7 @@ This policy setting controls whether memory dumps in support of OS-generated err -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -642,8 +630,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -702,8 +689,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -762,8 +748,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -822,8 +807,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -882,8 +866,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -942,8 +925,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1002,8 +984,7 @@ This policy setting specifies a corporate server to which Windows Error Reportin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1071,8 +1052,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1130,8 +1110,7 @@ This policy setting determines the behavior of the Configure Default Consent set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1190,8 +1169,7 @@ This policy setting determines the behavior of the Configure Default Consent set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1258,8 +1236,7 @@ This policy setting determines the default consent behavior of Windows Error Rep -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1325,8 +1302,7 @@ This policy setting determines the default consent behavior of Windows Error Rep -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1384,8 +1360,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1446,8 +1421,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1507,8 +1481,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1566,8 +1539,7 @@ This policy setting controls whether Windows Error Reporting saves its own event -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1626,8 +1598,7 @@ This policy setting controls whether Windows Error Reporting saves its own event -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1686,8 +1657,7 @@ This policy setting controls whether additional data in support of error reports -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1748,8 +1718,7 @@ The Maximum number of reports to queue setting determines how many reports can b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1810,8 +1779,7 @@ The Maximum number of reports to queue setting determines how many reports can b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 4a0513e2d2..359c649ead 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventForwarding Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EventForwarding -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This setting applies across all subscriptions for the forwarder (source computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Server=https://``:5986/wsman/SubscriptionManager/WEC,Refr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 1164b582ab..697eed0a3b 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventLog Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EventLog -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -251,8 +245,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -314,8 +307,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -376,8 +368,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -438,8 +429,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -500,8 +490,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -561,8 +550,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -622,8 +610,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -683,8 +670,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -744,8 +730,7 @@ This policy setting specifies the security descriptor to use for the log using t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -806,8 +791,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -869,8 +853,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -932,8 +915,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -992,8 +974,7 @@ If the policy setting is disabled, then no new events can be logged. Events can -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1052,8 +1033,7 @@ This policy setting controls the location of the log file. The location of the f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1111,8 +1091,7 @@ This policy setting controls the location of the log file. The location of the f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1170,8 +1149,7 @@ This policy setting controls the location of the log file. The location of the f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1229,8 +1207,7 @@ This policy setting controls the location of the log file. The location of the f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1288,8 +1265,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index b49b9259de..cb1ff63073 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventLogging Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EventLogging -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting lets you configure Protected Event Logging. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index ec7f4e721d..462071a83e 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventViewer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_EventViewer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ This is the program that will be invoked when the user clicks the events.asp lin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -114,8 +110,7 @@ This specifies the command line parameters that will be passed to the events.asp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -169,8 +164,7 @@ This is the URL that will be passed to the Description area in the Event Propert -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index 1508b4ca33..e14da0b40b 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Explorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Explorer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ Sets the target of the More Information link that will be displayed when the use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -124,8 +120,7 @@ This policy setting configures File Explorer to always display the menu bar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -182,8 +177,7 @@ If you enable this policy setting on a machine that does not contain all program -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -245,8 +239,7 @@ This policy setting allows administrators to prevent users from adding new items -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -301,8 +294,7 @@ This policy is similar to settings directly available to computer users. Disabli -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index de3e5d8181..1eaf7b6be0 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ExternalBoot Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ExternalBoot -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ This policy setting controls whether the PC will boot to Windows To Go if a USB -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -185,8 +180,7 @@ Specifies whether the PC can use standby sleep states (S1-S3) when starting from -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index b645c3d188..27d6d8ed74 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileRecovery Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FileRecovery -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -77,8 +74,7 @@ No system or service restarts are required for changes to this policy to take im -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index a23152f09a..3e63382c0b 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileRevocation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FileRevocation -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 2333b8c1fb..c58f793f4f 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileServerVSSProvider Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FileServerVSSProvider -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ By default, the RPC protocol message between File Server VSS provider and File S -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index cf01947874..0f8c5a111c 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileSys Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FileSys -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -61,8 +58,7 @@ A reboot is required for this setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -120,8 +116,7 @@ A value of 1 will disable delete notifications for all volumes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -178,8 +173,7 @@ A reboot is required for this setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -234,8 +228,7 @@ Encrypting the page file prevents malicious users from reading data that has bee -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -290,8 +283,7 @@ Enabling Win32 long paths will allow manifested win32 applications and Windows S -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -348,8 +340,7 @@ If you enable short names on all volumes then short names will always be generat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -413,8 +404,7 @@ For further information please refer to the Windows Help section -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -469,8 +459,7 @@ TXF deprecated features included savepoints, secondary RM, miniversion and roll -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index ef355a430a..424005b4ff 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FolderRedirection Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FolderRedirection -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -72,8 +69,7 @@ This policy setting allows you to control whether all redirected shell folders, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -138,8 +134,7 @@ If you disable or do not configure this policy setting, all redirected shell fol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -197,8 +192,7 @@ This policy setting controls whether the contents of redirected folders is copie -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ This policy setting allows the administrator to define whether Folder Redirectio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -323,8 +316,7 @@ This policy setting allows the administrator to define whether Folder Redirectio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -388,8 +380,7 @@ To designate a user's primary computers, an administrator must use management so -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -453,8 +444,7 @@ To designate a user's primary computers, an administrator must use management so -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 00c5fcc190..2f606ca169 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FramePanes Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_FramePanes -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ If you disable, or do not configure this policy setting, the Details Pane is hid -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ If you disable, or do not configure this setting, the Preview Pane is hidden by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 79f96e961d..6b6547e73a 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_fthsvc Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_fthsvc -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ No system restart or service restart is required for this policy setting to take -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 9a730ad116..03d6b59d85 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Globalization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Globalization -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -44,7 +41,7 @@ ms.topic: reference This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. -**Note** this does not affect the availability of user input methods on the lock screen or with the UAC prompt. +Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt. - If the policy is enabled, then the user will get input methods enabled for the system account on the sign-in page. @@ -65,8 +62,7 @@ This policy prevents automatic copying of user input methods to the system accou -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -135,8 +131,7 @@ To set this policy setting on a per-user basis, make sure that you do not config -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -205,8 +200,7 @@ To set this policy setting on a per-user basis, make sure that you do not config -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -270,8 +264,7 @@ This policy setting is used only to simplify the Regional Options control panel. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -335,8 +328,7 @@ This policy setting is used only to simplify the Regional Options control panel. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -400,8 +392,7 @@ This policy setting is used only to simplify the Regional Options control panel. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -462,8 +453,7 @@ This policy setting is used only to simplify the Regional and Language Options c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -539,8 +529,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -615,8 +604,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -676,8 +664,7 @@ The locale list is specified using language names, separated by a semicolon (;). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -744,8 +731,7 @@ The locale list is specified using language tags, separated by a semicolon (;). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -812,8 +798,7 @@ The locale list is specified using language tags, separated by a semicolon (;). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -874,8 +859,7 @@ This is a policy setting for computers with more than one UI language installed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -937,8 +921,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1002,8 +985,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1068,8 +1050,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1136,8 +1117,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1204,8 +1184,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1266,8 +1245,7 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1312,7 +1290,7 @@ The autocorrect misspelled words option controls whether or not errors in typed - If the policy is disabled or Not Configured, then the user will be free to change the setting according to their preference. -**Note** that the availability and function of this setting is dependent on supported languages being enabled. +Note that the availability and function of this setting is dependent on supported languages being enabled. @@ -1329,8 +1307,7 @@ The autocorrect misspelled words option controls whether or not errors in typed -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1376,7 +1353,7 @@ The highlight misspelled words option controls whether or next spelling errors i - If the policy is disabled or Not Configured, then the user will be free to change the setting according to their preference. -**Note** that the availability and function of this setting is dependent on supported languages being enabled. +Note that the availability and function of this setting is dependent on supported languages being enabled. @@ -1393,8 +1370,7 @@ The highlight misspelled words option controls whether or next spelling errors i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1440,7 +1416,7 @@ The insert a space after selecting a text prediction option controls whether or - If the policy is disabled or Not Configured, then the user will be free to change the setting according to their preference. -**Note** that the availability and function of this setting is dependent on supported languages being enabled. +Note that the availability and function of this setting is dependent on supported languages being enabled. @@ -1457,8 +1433,7 @@ The insert a space after selecting a text prediction option controls whether or -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1504,7 +1479,7 @@ The offer text predictions as I type option controls whether or not text predict - If the policy is disabled or Not Configured, then the user will be free to change the setting according to their preference. -**Note** that the availability and function of this setting is dependent on supported languages being enabled. +Note that the availability and function of this setting is dependent on supported languages being enabled. @@ -1521,8 +1496,7 @@ The offer text predictions as I type option controls whether or not text predict -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1585,8 +1559,7 @@ For example, the default value, 2029, specifies that all two-digit years less th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index f1ef50e530..09b33d7603 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_GroupPolicy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_GroupPolicy -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -47,6 +44,7 @@ This policy setting allows user-based policy processing, roaming user profiles, This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists. - If you do not configure this policy setting: + - No user-based policy settings are applied from the user's forest. - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. @@ -71,8 +69,7 @@ This policy setting affects all user accounts that interactively log on to a com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +128,7 @@ This policy setting specifies how long Group Policy should wait for workplace co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -197,8 +193,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -265,8 +260,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -333,8 +327,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -399,8 +392,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -467,8 +459,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -535,8 +526,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -599,8 +589,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -665,8 +654,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -731,8 +719,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -800,8 +787,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -869,8 +855,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -941,8 +926,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1014,8 +998,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1070,8 +1053,7 @@ This policy setting prevents the Group Policy Client Service from stopping when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1135,8 +1117,7 @@ Changing the status of this setting to Disabled will enforce the default behavio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1198,8 +1179,7 @@ This policy setting prevents Group Policy from being updated while the computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1263,8 +1243,7 @@ By default, the policy settings in Local GPOs are applied before any domain-base -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1331,8 +1310,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1393,8 +1371,7 @@ This policy setting determines whether the Windows device is allowed to particip -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1457,8 +1434,7 @@ The timeout value that is defined in this policy setting determines how long Gro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1518,8 +1494,7 @@ The timeout value that is defined in this policy setting determines how long Gro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1580,8 +1555,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1647,8 +1621,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1703,8 +1676,7 @@ This security feature provides a global setting to prevent programs from loading -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1771,8 +1743,7 @@ This policy setting determines which domain controller the Group Policy Object E -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1841,8 +1812,7 @@ Also, see the "Do not detect slow network connections" and related policies in C -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1911,8 +1881,7 @@ Also, see the "Do not detect slow network connections" and related policies in C -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1983,8 +1952,7 @@ This setting is only used when the "Turn off background refresh of Group Policy" -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2049,8 +2017,7 @@ This setting also lets you specify how much the actual update interval varies. T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2123,8 +2090,7 @@ This setting also lets you specify how much the actual update interval varies. T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2188,8 +2154,7 @@ By default, the Group Policy client waits five minutes before running logon scri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2250,8 +2215,7 @@ If this setting is Disabled or Not Configured, the default display name of New G -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2309,8 +2273,7 @@ This policy setting allows you to create new Group Policy object links in the di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2386,8 +2349,7 @@ This leads to the following behavior: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2467,8 +2429,7 @@ Setting flags not specified here to any value other than ? results in undefined -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2522,8 +2483,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2587,8 +2547,7 @@ RSoP logs information on Group Policy settings that have been applied to the cli -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2652,8 +2611,7 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2696,10 +2654,10 @@ This policy directs Group Policy processing to skip processing any client side e - If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner. Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available. -**Note** that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection +Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection and Drive Maps preference extension will not be applied. -**Note** There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled: +Note There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled: 1 - At the first computer startup after the client computer has joined the domain. 2 - If the policy setting "Always wait for the network at computer startup and logon" is enabled. @@ -2720,8 +2678,7 @@ and Drive Maps preference extension will not be applied. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2780,8 +2737,7 @@ This policy setting specifies how long Group Policy should wait for network avai -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2850,8 +2806,7 @@ By default, the user's Group Policy Objects determine which user settings apply. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index c125af97bc..ffa08b71c4 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Help Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Help -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -139,8 +135,7 @@ For additional options, see the "Restrict these programs from being launched fro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -204,8 +199,7 @@ This policy setting allows you to restrict programs from being run from online H -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -269,8 +263,7 @@ This policy setting allows you to restrict programs from being run from online H -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 2fa008cfe0..88e1654ffb 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_HelpAndSupport Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_HelpAndSupport -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting specifies whether active content links in trusted assistance -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ Users can use the control to provide feedback on the quality and usefulness of t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -185,8 +180,7 @@ This policy setting specifies whether users can participate in the Help Experien -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -245,8 +239,7 @@ This policy setting specifies whether users can search and view content from Win -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index b16c585854..faaed56b32 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_hotspotauth Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_hotspotauth -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ If a WLAN hotspot supports the WISPr protocol, users can submit credentials when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 962e5c380e..e64028904f 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ICM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ICM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting turns off the Windows Customer Experience Improvement Progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Typically, a certificate is used when you use a secure website or when you send -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -259,8 +253,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -326,8 +319,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -388,8 +380,7 @@ The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -452,8 +443,7 @@ You might want to enable this policy setting for users who do not have Internet -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -514,8 +504,7 @@ The Knowledge Base is an online source of technical support information and self -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -576,8 +565,7 @@ This policy setting specifies whether Windows can access the Internet to accompl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -638,8 +626,7 @@ This policy setting specifies whether Windows can access the Internet to accompl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -698,8 +685,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -743,7 +729,7 @@ This policy setting specifies whether the Windows Registration Wizard connects t - If you disable or do not configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration. -**Note** that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in). +Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in). @@ -760,8 +746,7 @@ This policy setting specifies whether the Windows Registration Wizard connects t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -826,8 +811,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -888,8 +872,7 @@ This policy setting allows you to remove access to Windows Update. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -953,8 +936,7 @@ When users search the local computer or the Internet, Search Companion occasiona -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1015,8 +997,7 @@ When a user opens a file that has an extension that is not associated with any a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1077,8 +1058,7 @@ When a user opens a file that has an extension that is not associated with any a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1139,8 +1119,7 @@ When a user opens a file type or protocol that is not associated with any applic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1201,8 +1180,7 @@ When a user opens a file type or protocol that is not associated with any applic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1265,8 +1243,7 @@ See the documentation for the web publishing and online ordering wizards for mor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1327,8 +1304,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1389,8 +1365,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1451,8 +1426,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1513,8 +1487,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1577,8 +1550,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1641,8 +1613,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 6ac2bb4f65..8bb9180356 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_IIS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_IIS -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -62,8 +59,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index a7898086b3..7e452b36f8 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_iSCSI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_iSCSI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ If enabled then new iSNS servers may not be added and thus new targets discovere -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -115,8 +111,7 @@ If enabled then new target portals may not be added and thus new targets discove -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -154,7 +149,7 @@ If enabled then new target portals may not be added and thus new targets discove -If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. **Note** if enabled there may be cases where this will break VDS. +If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS. @@ -171,8 +166,7 @@ If enabled then discovered targets may not be manually configured. If disabled t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -210,7 +204,7 @@ If enabled then discovered targets may not be manually configured. If disabled t -If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. **Note** if enabled there may be cases where this will break VDS. +If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS. @@ -227,8 +221,7 @@ If enabled then new targets may not be manually configured by entering the targe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -283,8 +276,7 @@ If enabled then do not allow the initiator iqn name to be changed. If disabled t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -339,8 +331,7 @@ If enabled then only those sessions that are established via a persistent login -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -395,8 +386,7 @@ If enabled then do not allow the initiator CHAP secret to be changed. If disable -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -451,8 +441,7 @@ If enabled then only those connections that are configured for IPSec may be esta -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -507,8 +496,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -546,7 +534,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e -If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. **Note** that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. +If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. @@ -563,8 +551,7 @@ If enabled then only those sessions that are configured for one-way CHAP may be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 3a5a0abee3..6bd45aa619 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_kdc Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_kdc -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,6 +56,7 @@ Domain functional level requirements For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected. When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and: + - If you set the "Always provide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST). - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. @@ -68,6 +66,7 @@ When the domain functional level is set to Windows Server 2012 then the domain c To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). Impact on domain controller performance when this policy setting is enabled: + - Secure Kerberos domain capability discovery is required resulting in additional message exchanges. - Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. - Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size. @@ -87,8 +86,7 @@ Impact on domain controller performance when this policy setting is enabled: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -152,8 +150,7 @@ For Windows Logon to leverage this feature, the "Display information about previ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -214,8 +211,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -280,8 +276,7 @@ Required: PKInit Freshness Extension is required for successful authentication. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -342,8 +337,7 @@ This policy setting allows you to configure a domain controller to request compo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -402,8 +396,7 @@ This policy setting allows you to configure at what size Kerberos tickets will t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 2a492d3afd..9b5b04a23d 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Kerberos Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Kerberos -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting controls whether a device always sends a compound authentica -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ Force: Device will always authenticate using its certificate. If a DC cannot be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -195,8 +190,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -258,8 +252,7 @@ This policy setting allows you to disable revocation check for the SSL certifica -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -318,8 +311,7 @@ This policy setting configures the Kerberos client's mapping to KDC proxy server -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -380,8 +372,7 @@ This policy setting configures the Kerberos client so that it can authenticate w -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -449,8 +440,7 @@ Always: Compound authentication is always provided for this computer account. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -509,8 +499,7 @@ This policy setting allows you to configure this server so that Kerberos can dec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 6db1233f57..8797d0788c 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_LanmanServer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -44,9 +41,9 @@ ms.topic: reference This policy setting determines the cipher suites used by the SMB server. -- If you enable this policy setting, cipher suites are prioritized in the order specified. +If you enable this policy setting, cipher suites are prioritized in the order specified. -- If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. +If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: @@ -81,8 +78,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -154,8 +150,7 @@ In circumstances where this policy setting is enabled, you can also select the f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -231,8 +226,7 @@ Hash version supported: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -293,8 +287,7 @@ This policy setting determines how the SMB server selects a cipher suite when ne -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 4b3d5a5868..570620c9fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanWorkstation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_LanmanWorkstation -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -44,9 +41,9 @@ ms.topic: reference This policy setting determines the cipher suites used by the SMB client. -- If you enable this policy setting, cipher suites are prioritized in the order specified. +If you enable this policy setting, cipher suites are prioritized in the order specified. -- If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. +If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: @@ -82,8 +79,7 @@ AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -144,8 +140,7 @@ This policy setting determines the behavior of SMB handle caching for clients co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -207,8 +202,7 @@ This policy setting determines the behavior of Offline Files on clients connecti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index 566b0c5342..4cb2d9618a 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LeakDiagnostic Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_LeakDiagnostic -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -49,6 +46,7 @@ This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses - If you disable this policy setting, the DPS is not able to diagnose memory leak problems. This policy setting takes effect only under the following conditions: + - If the diagnostics-wide scenario execution policy is not configured. - When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. @@ -73,8 +71,7 @@ For Windows Server systems, this policy setting applies only if the Desktop Expe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index 3d53041435..cb378bccaa 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LinkLayerTopologyDiscovery Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_LinkLayerTopologyDiscovery -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ The Responder allows a computer to participate in Link Layer Topology Discovery -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index 1bef7d5e63..0cd5e91ebf 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LocationProviderAdm Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_LocationProviderAdm -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting turns off the Windows Location Provider feature for this com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 8854f1a0e9..45c71aa99d 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Logon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Logon -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy prevents the user from showing account details (email address or use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -122,8 +118,7 @@ This policy setting disables the acrylic blur effect on logon background image. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -191,8 +186,7 @@ Also, see the "Do not process the run once list" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ Also, see the "Do not process the run once list" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -329,8 +322,7 @@ Also, see the "Do not process the legacy run list" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -398,8 +390,7 @@ Also, see the "Do not process the legacy run list" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -458,8 +449,7 @@ This policy setting suppresses system status messages. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -518,8 +508,7 @@ This policy setting prevents connected users from being enumerated on domain-joi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -588,8 +577,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -658,8 +646,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -725,8 +712,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -791,8 +777,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -831,7 +816,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. -**Note** that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected. +Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected. If a user with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers always wait for the network to be initialized. @@ -840,6 +825,7 @@ If a user with a roaming profile, home directory, or user object logon script lo On servers running Windows Server 2008 or later, this policy setting is ignored during Group Policy processing at computer startup and Group Policy processing will be synchronous (these servers wait for the network to be initialized during computer startup). If the server is configured as follows, this policy setting takes effect during Group Policy processing at user logon: + - The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and - The "Allow asynchronous user Group Policy processing when logging on through Terminal Services" policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Policy\. @@ -847,7 +833,7 @@ If this configuration is not implemented on the server, this policy setting is i - If you disable or do not configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached credentials. Group Policy is applied asynchronously in the background. -**Note**: +Note -If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. -If Folder Redirection policy will apply during the next logon, security policies will be applied asynchronously during the next update cycle, if network connectivity is available. @@ -866,8 +852,7 @@ If this configuration is not implemented on the server, this policy setting is i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -928,8 +913,7 @@ This policy setting may be used to make Windows give preference to a custom logo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -993,8 +977,7 @@ This policy setting is designed for advanced users who require this information. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 8e1f7925f0..b060939d52 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MicrosoftDefenderAntivirus -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting controls the load priority for the antimalware service. Incr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ Same as Disabled. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -320,8 +313,7 @@ This policy setting controls whether or not complex list settings configured by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -384,8 +376,7 @@ Real-time protection consists of always-on scanning with file and process behavi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -446,8 +437,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -504,8 +494,7 @@ This policy setting allows you specify a list of file types that should be exclu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -562,8 +551,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -601,7 +589,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f -This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. **Note** that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0. +This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0. @@ -620,8 +608,7 @@ This policy setting allows you to disable real-time scanning for any file opened -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -664,6 +651,7 @@ Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: Specify the folders or files and resources that should be excluded from ASR rules in the Options section. Enter each rule on a new line as a name-value pair: + - Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder - Value column: Enter "0" for each item @@ -690,8 +678,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -732,6 +719,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: + - Block: the rule will be applied - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) - Off: the rule will not be applied @@ -743,10 +731,12 @@ Unless the ASR rule is disabled, a subsample of audit events are collected for A Enabled: Specify the state for each ASR rule under the Options section for this setting. Enter each rule on a new line as a name-value pair: + - Name column: Enter a valid ASR rule ID - Value column: Enter the status ID that relates to state you want to specify for the associated rule The following status IDs are permitted under the value column: + - 1 (Block) - 0 (Off) - 2 (Audit) @@ -784,8 +774,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -857,8 +846,7 @@ Default system folders are automatically guarded, but you can add folders in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -931,8 +919,7 @@ Microsoft Defender Antivirus automatically determines which applications can be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -996,8 +983,7 @@ Same as Disabled. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1056,8 +1042,7 @@ This policy setting allows you to configure definition retirement for network pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1112,8 +1097,7 @@ This policy setting defines additional definition sets to enable for network tra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1172,8 +1156,7 @@ This policy setting allows you to configure protocol recognition for network pro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1232,8 +1215,7 @@ This policy, if defined, will prevent antimalware from using the configured prox -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1271,6 +1253,7 @@ This policy, if defined, will prevent antimalware from using the configured prox This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order): + 1. Proxy server (if specified) 2. Proxy .pac URL (if specified) @@ -1298,8 +1281,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1337,6 +1319,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order): + 1. Proxy server (if specified) 2. Proxy .pac URL (if specified) @@ -1364,8 +1347,7 @@ This policy setting allows you to configure the named proxy that should be used -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1423,8 +1405,7 @@ This policy setting configures a local override for the configuration of the num -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1483,8 +1464,7 @@ This policy setting defines the number of days items should be kept in the Quara -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1543,8 +1523,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1605,8 +1584,7 @@ This policy setting allows you to configure behavior monitoring. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1667,8 +1645,7 @@ This policy setting allows you to configure scanning for all downloaded files an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1729,8 +1706,7 @@ This policy setting allows you to configure monitoring for file and program acti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1789,8 +1765,7 @@ This policy setting controls whether raw volume write notifications are sent to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1851,8 +1826,7 @@ This policy setting allows you to configure process scanning when real-time prot -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1911,8 +1885,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1971,8 +1944,7 @@ This policy setting configures a local override for the configuration of behavio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2031,8 +2003,7 @@ This policy setting configures a local override for the configuration of scannin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2091,8 +2062,7 @@ This policy setting configures a local override for the configuration of monitor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2151,8 +2121,7 @@ This policy setting configures a local override for the configuration to turn on -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2211,8 +2180,7 @@ This policy setting configures a local override for the configuration of monitor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2271,8 +2239,7 @@ This policy setting configures a local override for the configuration of the tim -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2342,8 +2309,7 @@ This setting can be configured with the following ordinal number values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2402,8 +2368,7 @@ This policy setting allows you to specify the time of day at which to perform a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2458,8 +2423,7 @@ This policy setting configures the time in minutes before a detection in the "ad -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2514,8 +2478,7 @@ This policy setting configures the time in minutes before a detection in the "cr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2576,8 +2539,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2636,8 +2598,7 @@ This policy setting allows you to configure whether or not Watson events are sen -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2692,8 +2653,7 @@ This policy setting configures the time in minutes before a detection in the "no -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2748,8 +2708,7 @@ This policy setting configures the time in minutes before a detection in the "co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2804,8 +2763,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2865,8 +2823,7 @@ Tracing levels are defined as: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2925,8 +2882,7 @@ This policy setting allows you to manage whether or not end users can pause a sc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2985,8 +2941,7 @@ This policy setting allows you to configure the maximum directory depth level in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3045,8 +3000,7 @@ This policy setting allows you to configure the maximum size of archive files su -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3107,8 +3061,7 @@ This policy setting allows you to configure scans for malicious software and unw -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3167,8 +3120,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3227,8 +3179,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3283,8 +3234,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3338,8 +3288,7 @@ This policy setting allows you to manage whether or not to scan for malicious so -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3398,8 +3347,7 @@ This policy setting allows you to configure reparse point scanning. If you allow -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3458,8 +3406,7 @@ This policy setting allows you to create a system restore point on the computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3518,8 +3465,7 @@ This policy setting allows you to configure scanning mapped network drives. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3578,8 +3524,7 @@ This policy setting allows you to configure scanning for network files. It is re -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3638,8 +3583,7 @@ This policy setting configures a local override for the configuration of maximum -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3698,8 +3642,7 @@ This policy setting configures a local override for the configuration of the sca -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3758,8 +3701,7 @@ This policy setting configures a local override for the configuration of schedul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3818,8 +3760,7 @@ This policy setting configures a local override for the configuration of schedul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3878,8 +3819,7 @@ This policy setting configures a local override for the configuration of schedul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3938,8 +3878,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3998,8 +3937,7 @@ This policy setting allows you to define the number of consecutive scheduled sca -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4058,8 +3996,7 @@ This policy setting defines the number of days items should be kept in the scan -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4118,8 +4055,7 @@ This policy setting allows you to specify an interval at which to perform a quic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4178,8 +4114,7 @@ This policy setting allows you to configure scheduled scans to start only when y -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4249,8 +4184,7 @@ This setting can be configured with the following ordinal number values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4309,8 +4243,7 @@ This policy setting allows you to specify the time of day at which to perform a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4369,8 +4302,7 @@ This policy setting allows you to configure whether or not the antimalware servi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4429,8 +4361,7 @@ This policy setting allows you to define the number of days that must pass befor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4489,8 +4420,7 @@ This policy setting allows you to define the number of days that must pass befor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4549,8 +4479,7 @@ This policy setting allows you to configure UNC file share sources for downloadi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4608,8 +4537,7 @@ This policy setting allows you to configure the automatic scan which starts afte -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4668,8 +4596,7 @@ This policy setting allows you to configure security intelligence updates when t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4728,8 +4655,7 @@ This policy setting allows you to configure security intelligence updates on sta -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4790,8 +4716,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4849,8 +4774,7 @@ This policy setting allows you to enable download of security intelligence updat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4909,8 +4833,7 @@ This policy setting allows you to enable real-time security intelligence updates -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4980,8 +4903,7 @@ This setting can be configured with the following ordinal number values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5040,8 +4962,7 @@ This policy setting allows you to specify the time of day at which to check for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5098,8 +5019,7 @@ If you disable or do not configure this setting, security intelligence will be r -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5157,8 +5077,7 @@ This policy setting allows you to configure the antimalware service to receive n -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5217,8 +5136,7 @@ This policy setting allows you to define the number of days after which a catch- -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5277,8 +5195,7 @@ This policy setting allows you to manage whether a check for new virus and spywa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5337,8 +5254,7 @@ This policy setting configures a local override for the configuration to join Mi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5410,8 +5326,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5471,8 +5386,7 @@ Valid remediation action values are: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5531,8 +5445,7 @@ This policy setting allows you to configure whether or not to display additional -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5591,8 +5504,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5651,8 +5563,7 @@ If you enable this setting AM UI won't show reboot notifications. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5708,8 +5619,7 @@ If you enable this setting AM UI won't be available to users. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 1a28b481b0..5d97114149 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MMC Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MMC -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -73,8 +70,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -143,8 +139,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -213,8 +208,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -277,8 +271,7 @@ If you disable this setting or do not configure it, users can enter author mode -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -346,8 +339,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 4bd4f1a4d1..258567b3e8 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MMCSnapins Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MMCSnapins -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -73,8 +70,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -143,8 +139,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -213,8 +208,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -283,8 +277,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -353,8 +346,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -423,8 +415,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -493,8 +484,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -563,8 +553,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -633,8 +622,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -703,8 +691,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -773,8 +760,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -843,8 +829,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -913,8 +898,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -983,8 +967,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1053,8 +1036,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1123,8 +1105,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1193,8 +1174,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1263,8 +1243,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1333,8 +1312,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1403,8 +1381,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1473,8 +1450,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1543,8 +1519,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1613,8 +1588,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1683,8 +1657,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1753,8 +1726,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1823,8 +1795,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1893,8 +1864,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1963,8 +1933,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2033,8 +2002,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2103,8 +2071,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2173,8 +2140,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2243,8 +2209,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2313,8 +2278,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2383,8 +2347,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2453,8 +2416,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2523,8 +2485,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2593,8 +2554,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2663,8 +2623,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2733,8 +2692,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2803,8 +2761,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2873,8 +2830,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2943,8 +2899,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3013,8 +2968,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3083,8 +3037,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3153,8 +3106,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3223,8 +3175,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3293,8 +3244,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3363,8 +3313,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3433,8 +3382,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3503,8 +3451,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3573,8 +3520,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3643,8 +3589,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3713,8 +3658,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3783,8 +3727,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3853,8 +3796,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3923,8 +3865,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3993,8 +3934,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4063,8 +4003,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4133,8 +4072,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4203,8 +4141,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4273,8 +4210,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4343,8 +4279,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4413,8 +4348,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4483,8 +4417,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4553,8 +4486,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4623,8 +4555,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4693,8 +4624,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4763,8 +4693,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4833,8 +4762,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4903,8 +4831,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4973,8 +4900,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5043,8 +4969,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5113,8 +5038,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5183,8 +5107,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5253,8 +5176,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5323,8 +5245,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5393,8 +5314,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5463,8 +5383,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5533,8 +5452,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5603,8 +5521,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5673,8 +5590,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5743,8 +5659,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5813,8 +5728,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5883,8 +5797,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5953,8 +5866,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6023,8 +5935,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6093,8 +6004,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6163,8 +6073,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6233,8 +6142,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6303,8 +6211,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6373,8 +6280,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6443,8 +6349,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6513,8 +6418,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6583,8 +6487,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6653,8 +6556,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6723,8 +6625,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6793,8 +6694,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6863,8 +6763,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6933,8 +6832,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7003,8 +6901,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7073,8 +6970,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7143,8 +7039,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7213,8 +7108,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7283,8 +7177,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 3e4935741b..9b6b505f69 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MobilePCMobilityCenter Area in Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MobilePCMobilityCenter -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting turns off Windows Mobility Center. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting turns off Windows Mobility Center. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index ad7d9672ac..e218a0b620 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MobilePCPresentationSettings Area in Poli author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MobilePCPresentationSettings -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ This policy setting turns off Windows presentation settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ This policy setting turns off Windows presentation settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index 6d4c737e5b..79877b4972 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSAPolicy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MSAPolicy -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ By default, this setting is Disabled. This setting does not affect whether users -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index a42f6715cd..d87a3ba4e2 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_msched Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_msched -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ The maintenance activation boundary is the daily schduled time at which Automati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -128,8 +124,7 @@ The maintenance random delay is the amount of time up to which Automatic Mainten -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 5dee7d69dd..0e88923b66 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSDT Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MSDT -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ No reboots or service restarts are required for this policy setting to take effe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -143,8 +139,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -213,8 +208,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 6b3d9e67e1..499da602ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MSI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This policy setting does not affect installations that run in the user's securit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ Also, see the "Prevent removable media source for any install" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -193,8 +188,7 @@ This policy setting does not affect installations that run in the user's securit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -259,8 +253,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -324,8 +317,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -384,8 +376,7 @@ This policy setting controls the ability to turn off all patch optimizations. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -447,8 +438,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -510,8 +500,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -576,8 +565,7 @@ This policy setting affects Windows Installer only. It does not prevent users fr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -640,8 +628,7 @@ Also, see the "Enable user to patch elevated products" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -702,8 +689,7 @@ This policy setting appears in the Computer Configuration and User Configuration -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -764,8 +750,7 @@ This policy setting appears in the Computer Configuration and User Configuration -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -824,8 +809,7 @@ This policy setting controls the ability to turn off shared components. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -886,8 +870,7 @@ Non-administrator updates provide a mechanism for the author of an application t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -948,8 +931,7 @@ This policy setting should be used if you need to maintain a tight control over -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1008,8 +990,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1068,8 +1049,7 @@ This policy setting allows you to configure user installs. To configure this pol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1133,8 +1113,7 @@ The new feature must be added as a new leaf feature to an existing feature tree. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1199,8 +1178,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1258,8 +1236,7 @@ This policy setting controls the ability to prevent embedded UI. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1320,8 +1297,7 @@ If you disable or do not configure this policy setting, Windows Installer logs t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1381,8 +1357,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1449,8 +1424,7 @@ To exclude a file source, omit or delete the letter representing that source typ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1516,8 +1490,7 @@ This policy setting is designed for enterprises to prevent unauthorized or malic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index 6875c3fba2..c46a50f66e 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MsiFileRecovery Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MsiFileRecovery -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -76,8 +73,7 @@ No system or service restarts are required for changes to this policy setting to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md index 6b4d108e89..937a55a043 100644 --- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md +++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSS-legacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_MSS-legacy -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -60,8 +57,7 @@ Enable Automatic Logon (not recommended). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -112,8 +108,7 @@ Allow Windows to automatically restart after a system crash (recommended except -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -164,8 +159,7 @@ Enable administrative shares on servers (recommended except for highly secure en -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -216,8 +210,7 @@ Enable administrative shares on workstations (recommended except for highly secu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -267,8 +260,7 @@ Enable administrative shares on workstations (recommended except for highly secu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -320,8 +312,7 @@ Allow automatic detection of dead network gateways (could lead to DoS). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -372,8 +363,7 @@ Hide Computer From the Browse List (not recommended except for highly secure env -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -424,8 +414,7 @@ Define how often keep-alive packets are sent in milliseconds. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -476,8 +465,7 @@ Configure IPSec exemptions for various types of network traffic. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -528,8 +516,7 @@ Enable the computer to stop generating 8.3 style filenames. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -580,8 +567,7 @@ Enable the computer to stop generating 8.3 style filenames. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -632,8 +618,7 @@ Enable Safe DLL search mode (recommended). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -684,8 +669,7 @@ he time in seconds before the screen saver grace period expires (0 recommended). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -736,8 +720,7 @@ Syn attack protection level (protects against DoS). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -788,8 +771,7 @@ SYN-ACK retransmissions when a connection request is not acknowledged. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -840,8 +822,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -892,8 +873,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -944,8 +924,7 @@ Percentage threshold for the security event log at which the system will generat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 4f0aa3bb0a..85404a8ef6 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_nca Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_nca -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -48,11 +45,11 @@ Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is "PING:" followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. -**Note** +Note We recommend that you use FQDNs instead of IPv6 addresses wherever possible. -**Important** +Important At least one of the entries must be a PING: resource. @@ -77,8 +74,7 @@ You must configure this setting to have complete NCA functionality. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ Specifies commands configured by the administrator for custom logging. These com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -193,8 +188,7 @@ You must configure this setting to have complete NCA functionality. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -250,8 +244,7 @@ If this setting is not configured, the string that appears for DirectAccess conn -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -290,13 +283,13 @@ If this setting is not configured, the string that appears for DirectAccess conn Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. -If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the [Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn593632(v=ws.11)) (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. **Note** that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. +If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the [Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn593632(v=ws.11)) (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. The ability to disconnect allows users to specify single-label, unqualified names (such as "PRINTSVR") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet. To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. -**Note** +Note If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. If this setting is not configured, users do not have Connect or Disconnect options. @@ -316,8 +309,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -374,8 +366,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -434,8 +425,7 @@ If this setting is not configured, the entry for DirectAccess connectivity appea -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -492,8 +482,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 4fbd4d3169..5d02b44e64 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_NCSI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_NCSI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -61,8 +58,7 @@ This policy setting enables you to specify the expected address of the host name -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -118,8 +114,7 @@ This policy setting enables you to specify the host name of a computer known to -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -175,8 +170,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -232,8 +226,7 @@ This policy setting enables you to specify the URL of the corporate website, aga -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -289,8 +282,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -344,8 +336,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -399,8 +390,7 @@ This Policy setting enables you to specify passive polling behavior. NCSI polls -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 2b76aaec77..21ca763a38 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Netlogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Netlogon -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -134,8 +130,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +191,7 @@ By default, when no setting is specified for this policy, the behavior is the sa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ By default, Net Logon will not allow the older cryptography algorithms to be use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -324,8 +317,7 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -386,8 +378,7 @@ This policy setting determines whether domain controllers (DC) will dynamically -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -429,7 +420,7 @@ This policy setting allows you to control the domain controller (DC) location al NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended. -**Note** that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. +Note that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. - If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. @@ -450,8 +441,7 @@ NetBIOS-based discovery uses a WINS server and mailslot messages but does not us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -514,8 +504,7 @@ Contacting the PDC emulator is useful in case the client's password was recently -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -579,8 +568,7 @@ If the value of this setting is less than the value specified in the NegativeCac -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -645,8 +633,7 @@ If the value for this setting is too small and the DC is not available, the freq -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -705,8 +692,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -760,8 +746,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -823,8 +808,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -908,8 +892,7 @@ This policy setting determines which DC Locator DNS records aren't registered by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -972,8 +955,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1039,8 +1021,7 @@ More information is available at -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1099,8 +1080,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1158,8 +1138,7 @@ If you do not configure this policy setting, it is not applied to any computers, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1221,8 +1200,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1282,8 +1260,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1346,8 +1323,7 @@ This policy setting is recommended to reduce the attack surface on a DC, and can -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1408,8 +1384,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1469,8 +1444,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1530,8 +1504,7 @@ By default, the maximum size of the log file is 20MB. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1591,8 +1564,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1651,8 +1623,7 @@ The default value for this setting is 45 seconds. The maximum value for this set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1717,8 +1688,7 @@ By default, the Netlogon share will grant shared read access to files on the sha -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1775,8 +1745,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1841,8 +1810,7 @@ If you do not configure this policy setting, it is not applied to any computers, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1906,8 +1874,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1967,8 +1934,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2028,8 +1994,7 @@ If you do not configure this policy setting, it is not applied to any computers, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2094,8 +2059,7 @@ If you enable this policy setting, domain administrators should ensure that the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2158,8 +2122,7 @@ The DC Locator service is used by clients to find domain controllers for their A -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2220,8 +2183,7 @@ This policy setting determines if dynamic registration of the domain controller -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 8844aca989..54ca825b67 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_NetworkConnections Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_NetworkConnections -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -76,8 +73,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -144,8 +140,7 @@ The Advanced Settings item lets users view and change bindings and view and chan -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -219,8 +214,7 @@ Determines whether users can configure advanced TCP/IP settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -288,8 +282,7 @@ Determines whether administrators can enable and disable the components used by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -364,8 +357,7 @@ To create an all-user remote access connection, on the Connection Availability p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -436,8 +428,7 @@ Determines whether users can delete remote access connections. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -501,8 +492,7 @@ The Remote Access Preferences item lets users create and change connections befo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -561,8 +551,7 @@ If you disable this setting or do not configure it, the "local access only" icon -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -628,8 +617,7 @@ By default, Network Connections group settings in Windows XP Professional do not -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -692,8 +680,7 @@ When a remote client computer connects to an internal network using DirectAccess -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -751,8 +738,7 @@ This policy setting allows you to manage whether notifications are shown to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -830,8 +816,7 @@ The Local Area Connection Properties dialog box includes a list of the network c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -898,8 +883,7 @@ Determines whether users can enable/disable LAN connections. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -971,8 +955,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1040,8 +1023,7 @@ Determines whether users can use the New Connection Wizard, which creates new ne -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1110,8 +1092,7 @@ The Internet Connection Firewall is a stateful packet filter for home and small -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1186,8 +1167,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1262,8 +1242,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1325,8 +1304,7 @@ Determines whether users can connect and disconnect remote access connections. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1400,8 +1378,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1473,8 +1450,7 @@ To create an all-user connection, on the Connection Availability page in the New -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1544,8 +1520,7 @@ If this setting is not configured, only Administrators and Network Configuration -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1612,8 +1587,7 @@ Determines whether nonadministrators can rename a LAN connection. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1680,8 +1654,7 @@ Private connections are those that are available only to one user. To create a p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1739,7 +1712,7 @@ By default, ICS is disabled when you create a remote access connection, but admi > Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting. > [!NOTE] -> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box. +> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. @@ -1756,8 +1729,7 @@ By default, ICS is disabled when you create a remote access connection, but admi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1821,8 +1793,7 @@ Connection status is available from the connection status taskbar icon or from t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1881,8 +1852,7 @@ This policy setting determines whether to require domain users to elevate when s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 38fe42d808..cefe2b532a 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_OfflineFiles Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_OfflineFiles -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This setting automatically extends the "make available offline" setting to all n -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -130,8 +126,7 @@ This policy setting lists network files and folders that are always available fo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ This policy setting lists network files and folders that are always available fo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -255,8 +249,7 @@ You can also configure Background Sync for network shares that are in user selec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -327,8 +320,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -389,8 +381,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -451,8 +442,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -521,8 +511,7 @@ This setting does not limit the disk space available for files that user's make -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -585,8 +574,7 @@ This policy setting determines whether the Offline Files feature is enabled. Off -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -654,8 +642,7 @@ This setting is applied at user logon. If this setting is changed after user log -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -725,8 +712,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -795,8 +781,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -854,8 +839,7 @@ This policy setting enables administrators to block certain file types from bein -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -918,8 +902,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -992,8 +975,7 @@ Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1066,8 +1048,7 @@ Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1130,8 +1111,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1195,8 +1175,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1260,8 +1239,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1325,8 +1303,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1370,7 +1347,7 @@ This policy setting prevents users from making network files and folders availab - If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline. -**Note**: +Note: This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence. @@ -1391,8 +1368,7 @@ The "Make Available Offline" command is called "Always available offline" on com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1436,7 +1412,7 @@ This policy setting prevents users from making network files and folders availab - If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline. -**Note**: +Note: This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence. @@ -1457,8 +1433,7 @@ The "Make Available Offline" command is called "Always available offline" on com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1504,7 +1479,7 @@ This policy setting allows you to manage a list of files and folders for which y - If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders. -**Note**: +Note: This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders. @@ -1529,8 +1504,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1575,7 +1549,7 @@ This policy setting allows you to manage a list of files and folders for which y - If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders. -**Note**: +Note: This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders. @@ -1600,8 +1574,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1670,8 +1643,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1741,8 +1713,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1805,8 +1776,7 @@ This policy setting is triggered by the configured round trip network latency va -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1867,8 +1837,7 @@ If you disable this setting or do not configure it, automatically and manually c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1927,8 +1896,7 @@ This policy setting allows you to turn on economical application of administrati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1992,8 +1960,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2056,8 +2023,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2115,8 +2081,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2174,8 +2139,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2233,8 +2197,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2292,8 +2255,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2361,8 +2323,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2426,8 +2387,7 @@ When a connection is considered slow, Offline Files automatically adjust its beh -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2494,8 +2454,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2563,8 +2522,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2632,8 +2590,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2701,8 +2658,7 @@ This setting appears in the Computer Configuration and User Configuration folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2764,8 +2720,7 @@ Determines whether offline files are synchonized before a computer is suspended. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2826,8 +2781,7 @@ Determines whether offline files are synchonized before a computer is suspended. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2885,8 +2839,7 @@ This policy setting determines whether offline files are synchronized in the bac -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2945,8 +2898,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3005,8 +2957,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 936802cf55..861d44b8ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_pca Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_pca -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -114,8 +110,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -170,8 +165,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -226,8 +220,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -281,8 +274,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -337,8 +329,7 @@ This setting exists only for backward compatibility, and is not valid for this v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -402,8 +393,7 @@ This policy setting configures the Program Compatibility Assistant (PCA) to diag -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index f2d2d78382..03cb144ea1 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PeerToPeerCaching Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PeerToPeerCaching -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -77,8 +74,7 @@ Select one of the following: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -147,8 +143,7 @@ Select one of the following: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -223,8 +218,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -302,8 +296,7 @@ Select one of the following: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -378,8 +371,7 @@ In circumstances where this setting is enabled, you can also select and configur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -447,8 +439,7 @@ In circumstances where this policy setting is enabled, you can also select and c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -522,8 +513,7 @@ In circumstances where this setting is enabled, you can also select and configur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -595,8 +585,7 @@ In circumstances where this setting is enabled, you can also select and configur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -672,8 +661,7 @@ Select from the following versions -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index bc3212ef5a..e2b0feb0d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PenTraining Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PenTraining -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ Turns off Tablet PC Pen Training. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ Turns off Tablet PC Pen Training. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index f422307fe0..84fbd62527 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PerformanceDiagnostics Area in Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PerformanceDiagnostics -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -139,8 +135,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -207,8 +202,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -275,8 +269,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 8d39627171..c39be35f97 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Power Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Power -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting allows you to control the network connectivity state in stan -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ This policy setting allows you to turn on the ability for applications and servi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -167,6 +162,7 @@ This policy setting allows you to turn on the ability for applications and servi This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. - If you enable this policy setting, select one of the following actions: + -Sleep -Hibernate -Shut down @@ -188,8 +184,7 @@ This policy setting specifies the action that Windows takes when a user presses -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -247,8 +242,7 @@ This policy setting allows applications and services to prevent automatic sleep. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -307,8 +301,7 @@ This policy setting allows applications and services to prevent automatic sleep. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -367,8 +360,7 @@ This policy setting allows you to manage automatic sleep with open network files -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -427,8 +419,7 @@ This policy setting allows you to manage automatic sleep with open network files -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -487,8 +478,7 @@ This policy setting specifies the active power plan from a specified power plan' -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -528,6 +518,7 @@ This policy setting specifies the active power plan from a specified power plan' This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. - If you enable this policy setting, select one of the following actions: + -Take no action -Sleep -Hibernate @@ -550,8 +541,7 @@ This policy setting specifies the action that Windows takes when battery capacit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -591,6 +581,7 @@ This policy setting specifies the action that Windows takes when battery capacit This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. - If you enable this policy setting, select one of the following actions: + -Take no action -Sleep -Hibernate @@ -613,8 +604,7 @@ This policy setting specifies the action that Windows takes when battery capacit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -674,8 +664,7 @@ To set the action that is triggered, see the "Critical Battery Notification Acti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -735,8 +724,7 @@ To set the action that is triggered, see the "Low Battery Notification Action" p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -796,8 +784,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -858,8 +845,7 @@ This policy setting allows you to control the network connectivity state in stan -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -918,8 +904,7 @@ This policy setting allows you to turn on the ability for applications and servi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -960,6 +945,7 @@ This policy setting allows you to turn on the ability for applications and servi This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. - If you enable this policy setting, select one of the following actions: + -Sleep -Hibernate -Shut down @@ -981,8 +967,7 @@ This policy setting specifies the action that Windows takes when a user presses -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1040,8 +1025,7 @@ This policy setting specifies the period of inactivity before Windows turns off -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1099,8 +1083,7 @@ This policy setting specifies the period of inactivity before Windows turns off -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1160,8 +1143,7 @@ This setting is only applicable when Windows shutdown is initiated by software p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1222,8 +1204,7 @@ This policy setting allows you to specify if Windows should enable the desktop b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1284,8 +1265,7 @@ This policy setting allows you to specify if Windows should enable the desktop b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1344,8 +1324,7 @@ This policy setting specifies the active power plan from a list of default Windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1403,8 +1382,7 @@ This policy setting allows you to turn off Power Throttling. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1463,8 +1441,7 @@ This policy setting allows you to configure client computers to lock and prompt -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1523,8 +1500,7 @@ This policy setting specifies the percentage of battery capacity remaining that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 0c13746a26..33bfe3a6b7 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PowerShellExecutionPolicy Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PowerShellExecutionPolicy -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -74,8 +71,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -149,8 +145,7 @@ The "Allow all scripts" policy setting allows all scripts to run. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -223,8 +218,7 @@ from viewing the transcripts of other users or computers. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -290,8 +284,7 @@ This policy setting allows you to set the default value of the SourcePath parame -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index c2aa223837..59a7deb1e2 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PreviousVersions Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PreviousVersions -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting lets you suppress the Restore button in the previous version -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting lets you suppress the Restore button in the previous version -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting lets you hide the list of previous versions of files that ar -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -251,8 +245,7 @@ This policy setting lets you hide the list of previous versions of files that ar -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -313,8 +306,7 @@ This policy setting lets you suppress the Restore button in the previous version -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -375,8 +367,7 @@ This policy setting lets you suppress the Restore button in the previous version -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -437,8 +428,7 @@ This policy setting lets you hide the list of previous versions of files that ar -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -499,8 +489,7 @@ This policy setting lets you hide the list of previous versions of files that ar -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -561,8 +550,7 @@ This setting lets you suppress the Restore button in the previous versions prope -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -623,8 +611,7 @@ This setting lets you suppress the Restore button in the previous versions prope -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -685,8 +672,7 @@ This policy setting lets you hide entries in the list of previous versions of a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -747,8 +733,7 @@ This policy setting lets you hide entries in the list of previous versions of a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 207d96ce87..1ddae9baf9 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Printing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Printing -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -117,7 +113,8 @@ Not all applications support driver isolation. By default, Microsoft Excel 2007, - If you disable this policy setting, then print drivers will be loaded within all associated application processes. -**Note**: +Note: + -This policy setting applies only to applications opted into isolation. -This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected. -This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect. @@ -137,8 +134,7 @@ Not all applications support driver isolation. By default, Microsoft Excel 2007, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -204,8 +200,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -279,8 +274,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -342,8 +336,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -405,8 +398,7 @@ Allows users to use the Add Printer Wizard to search the network for shared prin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -478,8 +470,7 @@ If you do not enable this policy setting, the behavior is the same as disabling -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -536,8 +527,7 @@ This setting may improve the performance of the XPS Rasterization Service or the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -600,8 +590,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -664,8 +653,7 @@ Determines whether printers using kernel-mode drivers may be installed on the lo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -726,8 +714,7 @@ This preference allows you to change default printer management. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -786,8 +773,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -849,8 +835,7 @@ This setting does not prevent users from running other programs to delete a prin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -921,8 +906,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -981,8 +965,7 @@ This policy restricts clients computers to use package point and print only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1041,8 +1024,7 @@ This policy restricts clients computers to use package point and print only. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1105,8 +1087,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1169,8 +1150,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1234,8 +1214,7 @@ Type the location of the user's computer. When users search for printers, the sy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1295,8 +1274,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1340,7 +1318,8 @@ This policy setting determines whether the print spooler will execute print driv - If you disable this policy setting, the print spooler will execute print drivers in the print spooler process. -**Note**: +Note: + -Other system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect without restarting the print spooler service. @@ -1360,8 +1339,7 @@ This policy setting determines whether the print spooler will execute print driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1405,7 +1383,8 @@ This policy setting determines whether the print spooler will override the Drive - If you disable or do not configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver. -**Note**: +Note: + -Other system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect without restarting the print spooler service. @@ -1425,8 +1404,7 @@ This policy setting determines whether the print spooler will override the Drive -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1487,8 +1465,7 @@ This setting only provides a starting point for Active Directory searches for pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1553,8 +1530,7 @@ On domains with Active Directory, shared printer resources are available in Acti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1616,8 +1592,7 @@ This policy controls whether the print job name will be included in print event -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1678,8 +1653,7 @@ V4 printer drivers may include an optional, customized user interface known as a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 1d78b2f09e..a49b40ec9b 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Printing2 Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Printing2 -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ The default behavior is to automatically publish shared printers in Active Direc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ By default, the pruning service on the domain controller prunes printer objects -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -205,8 +200,7 @@ You can enable this setting to change the default behavior. To use this setting, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -271,8 +265,7 @@ By default, the pruning service contacts computers every eight hours and allows -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -335,8 +328,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -401,8 +393,7 @@ By default, the pruning service contacts computers every eight hours and allows -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -468,8 +459,7 @@ The pruning service periodically contacts computers that have published printers -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -530,8 +520,7 @@ The spooler must be restarted for changes to this policy to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -592,8 +581,7 @@ To disable verification, disable this setting, or enable this setting and select -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index da10e25a17..d7d7661231 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Programs Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Programs -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This setting does not prevent the Default Programs icon from appearing on the St -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -134,8 +130,7 @@ Published programs are those programs that the system administrator has explicit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +191,7 @@ This setting does not prevent users from using other tools and methods to instal -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This setting does not prevent users from using other tools and methods to view o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -320,8 +313,7 @@ This setting does not prevent users from using other tools and methods to instal -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -380,8 +372,7 @@ This setting does not prevent users from using other tools and methods to config -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -445,8 +436,7 @@ If this feature is disabled or is not configured, the "Get new programs from Win -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index 812ee0a71e..6b8ff65a2c 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PushToInstall Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_PushToInstall -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ If you enable this setting, users will not be able to push Apps to this device f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md index d81a28a193..29021d834d 100644 --- a/windows/client-management/mdm/policy-csp-admx-qos.md +++ b/windows/client-management/mdm/policy-csp-admx-qos.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_QOS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_QOS -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ Specifies the maximum number of outstanding packets permitted on the system. Whe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +191,7 @@ This setting applies only to packets that conform to the flow specification. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -260,8 +254,7 @@ This setting applies only to packets that do not conform to the flow specificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -322,8 +315,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -386,8 +378,7 @@ This setting applies only to packets that conform to the flow specification. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -450,8 +441,7 @@ This setting applies only to packets that do not conform to the flow specificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -512,8 +502,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -576,8 +565,7 @@ This setting applies only to packets that conform to the flow specification. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -640,8 +628,7 @@ This setting applies only to packets that do not conform to the flow specificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -702,8 +689,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -766,8 +752,7 @@ This setting applies only to packets that conform to the flow specification. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -830,8 +815,7 @@ This setting applies only to packets that do not conform to the flow specificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -892,8 +876,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -954,8 +937,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets that do n -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1018,8 +1000,7 @@ This setting applies only to packets that conform to the flow specification. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1082,8 +1063,7 @@ This setting applies only to packets that do not conform to the flow specificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1144,8 +1124,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1206,8 +1185,7 @@ Determines the smallest unit of time that the Packet Scheduler uses when schedul -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index 2c6b557f6b..33a37b87de 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Radar Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Radar -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 1ac41a1abb..88e275bccc 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Reliability Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Reliability -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ This policy setting allows the system to detect the time of unexpected shutdowns -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ Also see the "Configure Error Reporting" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -199,8 +194,7 @@ The system state data file contains information about the basic system state as -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -268,8 +262,7 @@ The Shutdown Event Tracker can be displayed when you shut down a workstation or -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index faee594f91..35d9c4b9b7 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_RemoteAssistance -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting enables Remote Assistance invitations to be generated with i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -111,10 +107,12 @@ This setting is incrementally scaled from "No optimization" to "Full optimizatio For example: "Turn off background" will include the following optimizations: + -No full window drag -Turn off background "Full optimization" will include the following optimizations: + -Use 16-bit color (8-bit color in Windows Vista) -Turn off font smoothing (not supported in Windows Vista) -No full window drag @@ -141,8 +139,7 @@ For example: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 27e48cd062..1564db54fb 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemovableStorage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_RemovableStorage -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting configures the amount of time (in seconds) that the operatin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ This policy setting configures the amount of time (in seconds) that the operatin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -249,8 +243,7 @@ This policy setting denies read access to the CD and DVD removable storage class -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -309,8 +302,7 @@ This policy setting denies read access to the CD and DVD removable storage class -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -369,8 +361,7 @@ This policy setting denies write access to the CD and DVD removable storage clas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -429,8 +420,7 @@ This policy setting denies write access to the CD and DVD removable storage clas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -489,8 +479,7 @@ This policy setting denies read access to custom removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -549,8 +538,7 @@ This policy setting denies read access to custom removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -609,8 +597,7 @@ This policy setting denies write access to custom removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -669,8 +656,7 @@ This policy setting denies write access to custom removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -729,8 +715,7 @@ This policy setting denies execute access to the Floppy Drives removable storage -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -789,8 +774,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -849,8 +833,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -909,8 +892,7 @@ This policy setting denies write access to the Floppy Drives removable storage c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -969,8 +951,7 @@ This policy setting denies write access to the Floppy Drives removable storage c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1029,8 +1010,7 @@ This policy setting grants normal users direct access to removable storage devic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1089,8 +1069,7 @@ This policy setting denies execute access to removable disks. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1149,8 +1128,7 @@ This policy setting denies read access to removable disks. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1209,8 +1187,7 @@ This policy setting denies read access to removable disks. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1272,8 +1249,7 @@ This policy setting denies write access to removable disks. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1334,8 +1310,7 @@ This policy setting takes precedence over any individual removable storage polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1396,8 +1371,7 @@ This policy setting takes precedence over any individual removable storage polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1456,8 +1430,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1516,8 +1489,7 @@ This policy setting denies read access to the Tape Drive removable storage class -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1576,8 +1548,7 @@ This policy setting denies read access to the Tape Drive removable storage class -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1636,8 +1607,7 @@ This policy setting denies write access to the Tape Drive removable storage clas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1696,8 +1666,7 @@ This policy setting denies write access to the Tape Drive removable storage clas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1756,8 +1725,7 @@ This policy setting denies read access to removable disks, which may include med -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1816,8 +1784,7 @@ This policy setting denies read access to removable disks, which may include med -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1876,8 +1843,7 @@ This policy setting denies write access to removable disks, which may include me -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1936,8 +1902,7 @@ This policy setting denies write access to removable disks, which may include me -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index ca1428aae4..7ec169ec2d 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_RPC Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_RPC -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -87,8 +84,7 @@ Extended error information includes the local time that the error occurred, the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -157,8 +153,7 @@ The constrained delegation model, introduced in Windows Server 2003, does not re -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -227,8 +222,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -307,8 +301,7 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md index 1dc3a07841..4251d8236b 100644 --- a/windows/client-management/mdm/policy-csp-admx-sam.md +++ b/windows/client-management/mdm/policy-csp-admx-sam.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_sam Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_sam -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -64,7 +61,7 @@ If not configured, domain controllers will default to using their local configur A reboot is not required for changes to this setting to take effect. -**Note** to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs. +Note to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs. More information is available at< https://go.microsoft.com/fwlink/?linkid=2116430>. @@ -83,8 +80,7 @@ More information is available at< https://go.microsoft.com/fwlink/?linkid=211643 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index dc87193ebf..134b5c3fce 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Scripts Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Scripts -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ An excessively long interval can delay the system and inconvenience users. Howev -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -207,8 +202,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -271,8 +265,7 @@ Also, see the "Run Logon Scripts Visible" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -333,8 +326,7 @@ Logoff scripts are batch files of instructions that run when the user logs off. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -395,8 +387,7 @@ This policy setting appears in the Computer Configuration and User Configuration -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -457,8 +448,7 @@ This policy setting appears in the Computer Configuration and User Configuration -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -519,8 +509,7 @@ Logon scripts are batch files of instructions that run when the user logs on. By -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -581,8 +570,7 @@ Shutdown scripts are batch files of instructions that run when the user restarts -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -646,8 +634,7 @@ Startup scripts are batch files that run before the user is invited to log on. B -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -711,8 +698,7 @@ Startup scripts are batch files of instructions that run before the user is invi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -794,8 +780,7 @@ For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 3ec7284be3..2f6c38d8c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_sdiageng Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_sdiageng -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows users who are connected to the Internet to access and -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -108,7 +104,7 @@ This policy setting allows users to access and run the troubleshooting tools tha - If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel. -**Note** that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. +Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. @@ -125,8 +121,7 @@ This policy setting allows users to access and run the troubleshooting tools tha -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -185,8 +180,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index 91f8df9c49..32ca21fb76 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_sdiagschd Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_sdiagschd -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ This policy setting will only take effect when the Task Scheduler service is in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 6bc06ebc29..4be5242325 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Securitycenter Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Securitycenter -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -44,7 +41,7 @@ ms.topic: reference This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. -**Note** that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. +Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. If you do not congifure this policy setting, the Security Center is turned off for domain members. @@ -54,7 +51,7 @@ If you do not congifure this policy setting, the Security Center is turned off f Windows XP SP2 ---------------------- -In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. **Note** that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers. +In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers. Windows Vista --------------------- @@ -75,8 +72,7 @@ In Windows Vista, this policy setting monitors essential security settings to in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 31322c5681..2641588a9a 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Sensors Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Sensors -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting turns off the location feature for this computer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting turns off scripting for the location feature. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -183,8 +178,7 @@ This policy setting turns off scripting for the location feature. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -243,8 +237,7 @@ This policy setting turns off the sensor feature for this computer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -303,8 +296,7 @@ This policy setting turns off the sensor feature for this computer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 3bebbb38c2..d54287cc92 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ServerManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ServerManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -46,7 +43,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y - If you enable this policy setting, the Manage Your Server page is not displayed each time an administrator logs on to the server. -- If you disable or do not configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Don't display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed. +- If you disable or do not configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Do not display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed. @@ -65,8 +62,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting allows you to turn off the automatic display of the Initial -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -192,8 +187,7 @@ This policy setting allows you to turn off the automatic display of Server Manag -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 98279f859e..36bc9a4510 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Servicing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Servicing -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ The network location can be either a folder, or a WIM file. If it is a WIM file, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 3eb2672ba9..4594789225 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_SettingSync Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_SettingSync -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ If you do not set or disable this setting, syncing of the "app settings" group i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ If you do not set or disable this setting, syncing of the "AppSync" group is on -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ If you do not set or disable this setting, syncing of the "passwords" group is o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -251,8 +245,7 @@ If you do not set or disable this setting, syncing of the "desktop personalizati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -313,8 +306,7 @@ If you do not set or disable this setting, syncing of the "personalize" group is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -375,8 +367,7 @@ If you do not set or disable this setting, "sync your settings" is on by default -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -437,8 +428,7 @@ If you do not set or disable this setting, syncing of the "Start layout" group i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -497,8 +487,7 @@ If you do not set or disable this setting, syncing on metered connections is con -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -559,8 +548,7 @@ If you do not set or disable this setting, syncing of the "Other Windows setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 5c5b42532a..a4dbd2c1ea 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_SharedFolders Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_SharedFolders -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting determines whether the user can publish DFS roots in Active -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -129,8 +125,7 @@ This policy setting determines whether the user can publish shared folders in Ac -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index ca00b3af93..a1f051ccea 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Sharing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Sharing -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ You must restart the computer for this policy setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting specifies whether users can share files within their profile -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index e438a375db..9a40e45eee 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ShellCommandPromptRegEditTools Area in Po author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_ShellCommandPromptRegEditTools -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting prevents users from running the interactive command prompt, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ To prevent users from using other administrative tools, use the "Run only specif -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ This policy setting only prevents users from running programs that are started b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -262,8 +256,7 @@ This policy setting only prevents users from running programs that are started b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 9f8cd9d3d9..c518b5136f 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Smartcard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/27/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Smartcard -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -47,6 +44,7 @@ This policy setting lets you allow certificates without an Extended Key Usage (E In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an extended key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. - If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card: + - Certificates with no EKU - Certificates with an All Purpose EKU - Certificates with a Client Authentication EKU @@ -68,8 +66,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -130,8 +127,7 @@ In order to use the integrated unblock feature your smart card must support this -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -190,8 +186,7 @@ This policy setting lets you allow signature key-based certificates to be enumer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -252,8 +247,7 @@ Under previous versions of Microsoft Windows, certificates were required to cont -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -312,8 +306,7 @@ This policy setting allows you to manage the certificate propagation that occurs -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -371,8 +364,7 @@ This policy setting allows you to manage the clean up behavior of root certifica -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -433,8 +425,7 @@ This policy setting allows you to manage the root certificate propagation that o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -496,8 +487,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -562,8 +552,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -629,8 +618,7 @@ If there are two or more of the "same" certificate on a smart card and this poli -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -691,8 +679,7 @@ During logon Windows will by default only read the default certificate from the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -754,8 +741,7 @@ This policy setting allows you to manage the displayed message when a smart card -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -815,8 +801,7 @@ If you disable , the subject name will be displayed as it appears in the certifi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -878,8 +863,7 @@ This policy setting allows you to control whether Smart Card Plug and Play is en -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -941,8 +925,7 @@ This policy setting allows you to control whether a confirmation message is disp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1001,8 +984,7 @@ This policy setting lets you determine whether an optional field will be display -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 3621590388..9a97f11a70 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Snmp Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Snmp -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -77,8 +74,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -147,8 +143,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -215,8 +210,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 2c0c32056e..f84159cbf1 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_SoundRec Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_SoundRec -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index cce101b264..8e2390fa37 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_srmfci Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_srmfci -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting specifies the message that users see when they are denied ac -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Administrators can define the properties for the organization by using Active Di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -188,8 +183,7 @@ The Classification tab enables users to manually classify files by selecting pro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -244,8 +238,7 @@ This Group Policy Setting should be set on Windows clients to enable access-deni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 39837aa6f0..10384bce2f 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_StartMenu Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_StartMenu -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -64,8 +61,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -135,8 +131,7 @@ This policy also does not clear items that the user may have pinned to the Jump -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ This policy also does not clear items that the user may have pinned to the Jump -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -255,8 +249,7 @@ This setting does not prevent new notifications from appearing. See the "Turn of -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -315,8 +308,7 @@ This policy setting allows desktop apps to be listed first in the Apps view in S -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -377,8 +369,7 @@ This policy setting is only applied when the Apps view is set as the default vie -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -446,8 +437,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -508,8 +498,7 @@ This policy setting allows users to go to the desktop instead of the Start scree -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -573,8 +562,7 @@ If you disable this setting or do not configure it, all Start menu shortcuts app -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -633,8 +621,7 @@ This policy setting prevents users from performing the following commands from t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -699,8 +686,7 @@ If you enable this setting, the system does not personalize menus. All menu item -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -764,8 +750,7 @@ The taskbar includes the Start button, list of currently running tasks, and the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -824,8 +809,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -888,8 +872,7 @@ The notification area is located in the task bar, generally at the bottom of the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -950,8 +933,7 @@ When you hold the cursor over an item on the Start menu or in the notification a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1014,8 +996,7 @@ This policy setting allows you to prevent users from changing their Start screen -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1077,8 +1058,7 @@ This policy setting prevents users from performing the following commands from t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1138,8 +1118,7 @@ By default, the Programs menu contains items from the All Users profile and item -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1207,8 +1186,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1246,7 +1224,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start -This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. **Note** that this does not remove the search box from the new style Start menu. +This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu. - If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F. @@ -1274,8 +1252,7 @@ This policy setting affects the specified user interface elements only. It does -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1333,8 +1310,7 @@ This policy setting affects the specified user interface elements only. It does -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1395,8 +1371,7 @@ This policy setting only affects the Start menu. It does not remove the Help men -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1459,8 +1434,7 @@ This policy setting does not prevent users from pinning programs to the Start Me -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1528,8 +1502,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1593,8 +1566,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1654,8 +1626,7 @@ In Windows XP and Windows Vista, the Internet and email checkboxes are removed f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1725,8 +1696,7 @@ This setting also does not hide document shortcuts displayed in the Open dialog -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1790,8 +1760,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1855,8 +1824,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1939,8 +1907,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1998,8 +1965,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2057,8 +2023,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2116,8 +2081,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2177,8 +2141,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2236,8 +2199,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2295,8 +2257,7 @@ Also, users with extended keyboards will no longer be able to display the Run di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2359,8 +2320,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and " -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2425,8 +2385,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2490,8 +2449,7 @@ Clicking the Default Programs link from the Start menu opens the Default Program -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2555,8 +2513,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2615,8 +2572,7 @@ This policy setting allows you to remove the Music icon from Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2675,8 +2631,7 @@ This policy setting allows you to remove the Network icon from Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2735,8 +2690,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2795,8 +2749,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2854,8 +2807,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2914,8 +2866,7 @@ This policy setting allows you to remove the Recorded TV link from the Start Men -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2957,7 +2908,7 @@ Hides all folders on the user-specific (top) section of the Start menu. Other it This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders. -**Note** that this setting hides all user-specific folders, not just those associated with redirected folders. +Note that this setting hides all user-specific folders, not just those associated with redirected folders. - If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu. @@ -2978,8 +2929,7 @@ This setting is designed for use with redirected folders. Redirected folders app -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3038,8 +2988,7 @@ This policy setting allows you to remove the Videos link from the Start Menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3102,8 +3051,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3162,8 +3110,7 @@ Prevents the clock in the system notification area from being displayed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3224,8 +3171,7 @@ Taskbar grouping consolidates similar applications when there is no room on the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3286,8 +3232,7 @@ The taskbar includes the Start button, buttons for currently running tasks, cust -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3352,8 +3297,7 @@ This policy setting does not prevent users from using other methods to issue the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3417,8 +3361,7 @@ Description: The notification area is located at the far right end of the task b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3480,8 +3423,7 @@ Description: The notification area is located at the far right end of the task b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3539,8 +3481,7 @@ Description: The notification area is located at the far right end of the task b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3601,8 +3542,7 @@ To remove the user name folder on Windows Vista, set the "Remove user folder lin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3667,8 +3607,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3729,8 +3668,7 @@ If you set the button to either Sleep or Hibernate, and that state is not suppor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3790,8 +3728,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3849,8 +3786,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3909,8 +3845,7 @@ This policy setting allows the Apps view to be opened by default when the user g -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3972,8 +3907,7 @@ This policy setting shows or hides the "Run as different user" command on the St -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4030,8 +3964,7 @@ This policy setting shows or hides the "Run as different user" command on the St -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4090,8 +4023,7 @@ This policy setting allows the Start screen to appear on the display the user is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4157,8 +4089,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4217,8 +4148,7 @@ This policy setting allows pinning apps to Start by default, when they are inclu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 1880514363..debf6dcdb4 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_SystemRestore Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_SystemRestore -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md index b83e3d74c0..a73e974a68 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletPCInputPanel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_TabletPCInputPanel -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -198,8 +193,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -265,8 +259,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -332,8 +325,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -399,8 +391,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -463,8 +454,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -527,8 +517,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -602,8 +591,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -677,8 +665,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -741,8 +728,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -805,8 +791,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -869,8 +854,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -933,8 +917,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1003,8 +986,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1073,8 +1055,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index bb04b3fb84..134de35ead 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletShell Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_TabletShell -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Prevents start of InkBall game. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ Prevents start of InkBall game. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ Prevents start of Windows Journal. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -251,8 +245,7 @@ Prevents start of Windows Journal. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -313,8 +306,7 @@ Prevents printing to Journal Note Writer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -375,8 +367,7 @@ Prevents printing to Journal Note Writer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -437,8 +428,7 @@ Prevents the snipping tool from running. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -499,8 +489,7 @@ Prevents the snipping tool from running. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -561,8 +550,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -623,8 +611,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -683,8 +670,7 @@ Makes pen flicks and all related features unavailable. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -743,8 +729,7 @@ Makes pen flicks and all related features unavailable. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -803,8 +788,7 @@ Makes pen flicks learning mode unavailable. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -863,8 +847,7 @@ Makes pen flicks learning mode unavailable. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -925,8 +908,7 @@ Prevents the user from launching an application from a Tablet PC hardware button -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -987,8 +969,7 @@ Prevents the user from launching an application from a Tablet PC hardware button -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1049,8 +1030,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1111,8 +1091,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1173,8 +1152,7 @@ Turns off Tablet PC hardware buttons. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1235,8 +1213,7 @@ Turns off Tablet PC hardware buttons. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1295,8 +1272,7 @@ Disables visual pen action feedback, except for press and hold feedback. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1355,8 +1331,7 @@ Disables visual pen action feedback, except for press and hold feedback. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 5324e13ac0..f110506521 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Taskbar Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Taskbar -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ A reboot is required for this policy setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -135,8 +131,7 @@ A reboot is required for this policy setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -195,8 +190,7 @@ This policy setting allows you to remove Security and Maintenance from the syste -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -255,8 +249,7 @@ This policy setting allows you to remove the networking icon from the system con -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -315,8 +308,7 @@ This policy setting allows you to remove the battery meter from the system contr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -375,8 +367,7 @@ This policy setting allows you to remove the volume control icon from the system -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -435,8 +426,7 @@ If you disable do not configure this policy setting, feature advertisement ballo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -495,8 +485,7 @@ This policy setting allows you to control pinning the Store app to the Taskbar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -555,8 +544,7 @@ This policy setting allows you to control pinning items in Jump Lists. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -615,8 +603,7 @@ This policy setting allows you to control pinning programs to the Taskbar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -680,8 +667,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -740,8 +726,7 @@ This policy setting allows you to turn off automatic promotion of notification i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -802,8 +787,7 @@ This policy setting allows users to see Windows Store apps on the taskbar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -862,8 +846,7 @@ This policy setting allows you to lock all taskbar settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -922,8 +905,7 @@ This policy setting allows you to prevent users from adding or removing toolbars -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -982,8 +964,7 @@ This policy setting allows you to prevent users from rearranging toolbars. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1042,8 +1023,7 @@ This policy setting allows you to prevent taskbars from being displayed on more -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1102,8 +1082,7 @@ This policy setting allows you to turn off all notification balloons. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1166,8 +1145,7 @@ This policy setting allows you to remove pinned programs from the taskbar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1226,8 +1204,7 @@ This policy setting allows you to prevent users from moving taskbar to another s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1286,8 +1263,7 @@ This policy setting allows you to prevent users from resizing the taskbar. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1346,8 +1322,7 @@ This policy setting allows you to turn off taskbar thumbnails. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 07885bdc4a..2584201a47 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_tcpip Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_tcpip -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -122,8 +118,7 @@ This policy setting allows you to specify the interval at which the relay name i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -187,8 +182,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -246,8 +240,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -312,8 +305,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -371,8 +363,7 @@ This policy setting allows you to specify a router name or Internet Protocol ver -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -436,8 +427,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -495,8 +485,7 @@ This policy setting allows you to select the UDP port the Teredo client will use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -556,8 +545,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -618,8 +606,7 @@ This policy setting allows you to configure the Teredo refresh rate. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -677,8 +664,7 @@ This policy setting allows you to specify the name of the Teredo server. This se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -744,8 +730,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -805,8 +790,7 @@ This policy setting allows you to configure Window Scaling Heuristics. Window Sc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 31bdd76413..98e9f29b07 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_TerminalServer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ If the status is set to Not Configured, automatic reconnection is not specified -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ By default, Remote Desktop Services allows redirection of video capture devices. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ If no certificate can be found that was created with the specified certificate t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -257,8 +251,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -321,8 +314,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -381,8 +373,7 @@ This policy setting allows you to specify whether users can run unsigned Remote -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -441,8 +432,7 @@ This policy setting allows you to specify whether users can run unsigned Remote -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -506,8 +496,7 @@ By default, audio and video playback redirection is not allowed when connecting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -571,8 +560,7 @@ By default, audio recording redirection is not allowed when connecting to a comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -635,8 +623,7 @@ Audio playback quality can be configured on the client computer by using the aud -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -698,8 +685,7 @@ You can use this setting to prevent users from redirecting Clipboard data to and -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -762,8 +748,7 @@ You can use this setting to prevent users from redirecting data to COM port peri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -826,8 +811,7 @@ By default, Remote Desktop Services automatically designates the client default -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -882,8 +866,7 @@ This policy setting specifies whether the Remote Desktop Connection can use hard -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -942,8 +925,7 @@ Controls whether a user can save passwords using Remote Desktop Connection. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1006,8 +988,7 @@ You can use this setting to prevent users from mapping local LPT ports and redir -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1072,8 +1053,7 @@ By default, Remote Desktop Services does not allow redirection of supported Plug -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1136,8 +1116,7 @@ You can use this policy setting to prevent users from redirecting print jobs fro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1181,7 +1160,7 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA - If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. -**Note**: +Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. @@ -1205,8 +1184,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1249,7 +1227,7 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA - If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. -**Note**: +Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. @@ -1273,8 +1251,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1332,8 +1309,7 @@ This policy setting specifies whether the UDP protocol will be used to access se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1379,7 +1355,7 @@ You can use this policy setting to set a limit on the color depth of any connect - If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. -**Note**: +Note: 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. 2. The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. @@ -1406,8 +1382,7 @@ If the client does not support at least 16 bits, the connection is terminated. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1471,8 +1446,7 @@ This policy setting allows you to limit the size of the entire roaming user prof -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1535,8 +1509,7 @@ If the status is set to Not Configured, the default behavior applies. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1600,8 +1573,7 @@ This policy setting enables system administrators to change the graphics renderi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1663,8 +1635,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1726,8 +1697,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1792,8 +1762,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1867,8 +1836,7 @@ By default, the RD Session Host server fallback printer driver is disabled. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1932,8 +1900,7 @@ This policy is useful when the currently connected administrator does not want t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1992,8 +1959,7 @@ If you disable or do not configure this policy setting, the authentication metho -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2057,8 +2023,7 @@ To allow users to overwrite this policy setting, select the "Allow users to chan -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2121,8 +2086,7 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2167,7 +2131,7 @@ If the policy setting is enabled, the RD Session Host server joins the farm that If the policy setting is not configured, the policy setting is not specified at the Group Policy level. -**Note**: +Note: 1. @@ -2190,8 +2154,7 @@ If the policy setting is not configured, the policy setting is not specified at -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2252,8 +2215,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2319,8 +2281,7 @@ By default, the RDS Endpoint Servers group is empty. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2383,8 +2344,7 @@ This policy setting allows you to specify the order in which an RD Session Host -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2444,8 +2404,7 @@ By default, notifications are displayed on an RD Session Host server after you l -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2509,8 +2468,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2575,8 +2533,7 @@ If the status is set to Disabled or Not Configured, limits to the number of conn -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2634,8 +2591,7 @@ This policy setting allows you to specify the maximum display resolution that ca -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2693,8 +2649,7 @@ This policy setting allows you to limit the number of monitors that a user can u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2757,8 +2712,7 @@ You can use this policy setting to prevent users from using this familiar method -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2817,8 +2771,7 @@ If the status is set to Disabled or Not Configured, Windows Security remains in -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2884,8 +2837,7 @@ By default, if the most appropriate RDS CAL is not available for a connection, a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2947,8 +2899,7 @@ This policy setting determines whether a user will be prompted on the client com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3012,8 +2963,7 @@ The default connection URL must be configured in the form of< https://contoso.co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3073,8 +3023,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3140,8 +3089,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3206,8 +3154,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3267,8 +3214,7 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3313,7 +3259,7 @@ If you specify a new farm name, a new farm is created in RD Connection Broker. I - If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. -**Note**: +Note: 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. @@ -3334,8 +3280,7 @@ If you specify a new farm name, a new farm is created in RD Connection Broker. I -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3380,7 +3325,7 @@ This policy setting allows you to specify the redirection method to use when a c - If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. -**Note**: +Note: 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. @@ -3399,8 +3344,7 @@ This policy setting allows you to specify the redirection method to use when a c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3444,7 +3388,7 @@ This policy setting allows you to specify the RD Connection Broker server that t - If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. -**Note**: +Note: 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. @@ -3467,8 +3411,7 @@ This policy setting allows you to specify the RD Connection Broker server that t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3532,8 +3475,7 @@ This policy setting specifies whether to require the use of a specific security -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3597,8 +3539,7 @@ If you disable or do not configure this policy setting, Remote Desktop Protocol -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3662,8 +3603,7 @@ If the UDP connection is not successful or if you select "Use only TCP," all of -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3721,8 +3661,7 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3787,8 +3726,7 @@ Do not connect if authentication fails: The client establishes a connection to t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3842,8 +3780,7 @@ This policy setting lets you enable H.264/AVC hardware encoding support for Remo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3898,8 +3835,7 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3962,8 +3898,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4026,8 +3961,7 @@ This policy setting allows you to specify the visual quality for remote users wh -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4084,8 +4018,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4149,8 +4082,7 @@ This policy setting allows the administrator to configure the RemoteFX experienc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4210,8 +4142,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4271,8 +4202,7 @@ For this change to take effect, you must restart Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4340,8 +4270,7 @@ Time limits are set locally by the server administrator or by using Group Policy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4409,8 +4338,7 @@ Time limits are set locally by the server administrator or by using Group Policy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4476,8 +4404,7 @@ When a session is in a disconnected state, running programs are kept active even -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4542,8 +4469,7 @@ When a session is in a disconnected state, running programs are kept active even -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4606,8 +4532,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4670,8 +4595,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4734,8 +4658,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4798,8 +4721,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4859,8 +4781,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4922,8 +4843,7 @@ This policy setting allows you to control the redirection of smart card devices -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4991,8 +4911,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5060,8 +4979,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5126,8 +5044,7 @@ You can use this setting to maintain a user's session-specific temporary folders -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5190,8 +5107,7 @@ You can use this policy setting to disable the creation of separate temporary fo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5253,8 +5169,7 @@ This policy setting determines whether the client computer redirects its time zo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5318,8 +5233,7 @@ You can use this setting to prevent administrators from making changes to the us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5381,8 +5295,7 @@ This policy setting determines whether the desktop is always displayed after a c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5445,8 +5358,7 @@ Remote Desktop sessions don't currently support UI Automation redirection. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5507,8 +5419,7 @@ For this change to take effect, you must restart Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5573,8 +5484,7 @@ To determine whether a client computer supports Network Level Authentication, st -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5640,8 +5550,7 @@ If the status is set to Disabled or Not Configured, the user's home directory is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5684,7 +5593,7 @@ This policy setting allows you to specify whether Remote Desktop Services uses a - If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. -**Note**: +Note: For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting. @@ -5703,8 +5612,7 @@ For this policy setting to take effect, you must also enable and configure the " -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5752,7 +5660,7 @@ To configure this policy setting, type the path to the network share in the form - If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. -**Note**: +Note: 1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. 2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. @@ -5772,8 +5680,7 @@ To configure this policy setting, type the path to the network share in the form -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 8e006a237e..48b4bfbd9a 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Thumbnails Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Thumbnails -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ File Explorer displays thumbnail images by default. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ File Explorer displays thumbnail images on network folders by default. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting allows you to configure File Explorer to cache thumbnails of -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 28c4c48fb4..f95091efea 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TouchInput Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_TouchInput -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -135,8 +131,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -202,8 +197,7 @@ Turns off touch input, which allows the user to interact with their computer usi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -269,8 +263,7 @@ Turns off touch input, which allows the user to interact with their computer usi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index b22b7d4527..4ddef01a00 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TPM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_TPM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -119,8 +115,7 @@ This policy setting configures the system to prompt the user to clear the TPM if -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -181,8 +176,7 @@ The default list of blocked TPM commands is pre-configured by Windows. You can v -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -243,8 +237,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -299,8 +292,7 @@ This group policy enables Device Health Attestation reporting (DHA-report) on su -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -368,8 +360,7 @@ Choose the operating system managed TPM authentication setting of "None" for com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -439,8 +430,7 @@ If this value is not configured, a default value of 480 minutes (8 hours) is use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -513,8 +503,7 @@ A value of zero means the OS will not allow standard users to send commands to t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -587,8 +576,7 @@ A value of zero means the OS will not allow standard users to send commands to t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -626,7 +614,7 @@ A value of zero means the OS will not allow standard users to send commands to t -This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. **Note** that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system. +This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system. @@ -643,8 +631,7 @@ This policy setting configures the TPM to use the Dictionary Attack Prevention P -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index f802208d23..4e6041c26c 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserExperienceVirtualization Area in Poli author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_UserExperienceVirtualization -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ By default, the user settings of Calculator synchronize between computers. Use t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ With notifications enabled, UE-V users receive a message when the settings sync -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +191,7 @@ This policy setting configures the synchronization of User Experience Virtualiza -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -315,8 +308,7 @@ This policy setting specifies the URL for the Contact IT link in the Company Set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -382,8 +374,7 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -447,8 +438,7 @@ Certain Windows settings will synchronize between computers by default. These se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -502,8 +492,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -567,8 +556,7 @@ By default, the user settings of Finance sync between computers. Use the policy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -627,8 +615,7 @@ If you do not configure this policy setting, any defined values are deleted. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -692,8 +679,7 @@ By default, the user settings of Games sync between computers. Use the policy se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -757,8 +743,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -822,8 +807,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -887,8 +871,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -952,8 +935,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1017,8 +999,7 @@ By default, the user settings which are common between the versions of Internet -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1081,8 +1062,7 @@ By default, the user settings of Maps sync between computers. Use the policy set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1144,8 +1124,7 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1208,8 +1187,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1272,8 +1250,7 @@ By default, the user settings which are common between the Microsoft Office Suit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1336,8 +1313,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1400,8 +1376,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1464,8 +1439,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1529,8 +1503,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1593,8 +1566,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1657,8 +1629,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1721,8 +1692,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1785,8 +1755,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1849,8 +1818,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1913,8 +1881,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1977,8 +1944,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2041,8 +2007,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2105,8 +2070,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2169,8 +2133,7 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2233,8 +2196,7 @@ By default, the user settings which are common between the Microsoft Office Suit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2297,8 +2259,7 @@ Microsoft Office Suite 2013 has user settings which are common between applicati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2361,8 +2322,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2425,8 +2385,7 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2489,8 +2448,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2553,8 +2511,7 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2617,8 +2574,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2681,8 +2637,7 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2745,8 +2700,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2809,8 +2763,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2873,8 +2826,7 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2937,8 +2889,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3001,8 +2952,7 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3065,8 +3015,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3129,8 +3078,7 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3193,8 +3141,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3257,8 +3204,7 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3321,8 +3267,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3385,8 +3330,7 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3449,8 +3393,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3513,8 +3456,7 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3577,8 +3519,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3641,8 +3582,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3705,8 +3645,7 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3769,8 +3708,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3833,8 +3771,7 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3897,8 +3834,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3961,8 +3897,7 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4025,8 +3960,7 @@ By default, the user settings which are common between the Microsoft Office Suit -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4089,8 +4023,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4153,8 +4086,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4217,8 +4149,7 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4281,8 +4212,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4345,8 +4275,7 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4409,8 +4338,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4473,8 +4401,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4537,8 +4464,7 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4601,8 +4527,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4665,8 +4590,7 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4729,8 +4653,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4793,8 +4716,7 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4857,8 +4779,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4921,8 +4842,7 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4985,8 +4905,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5049,8 +4968,7 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5113,8 +5031,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5177,8 +5094,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5241,8 +5157,7 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5305,8 +5220,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5369,8 +5283,7 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5433,8 +5346,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5497,8 +5409,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5561,8 +5472,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5625,8 +5535,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5689,8 +5598,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5753,8 +5661,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5817,8 +5724,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5881,8 +5787,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5945,8 +5850,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6009,8 +5913,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6073,8 +5976,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6137,8 +6039,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6201,8 +6102,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6265,8 +6165,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6329,8 +6228,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6393,8 +6291,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6457,8 +6354,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6521,8 +6417,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6585,8 +6480,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6649,8 +6543,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6713,8 +6606,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6777,8 +6669,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6841,8 +6732,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6905,8 +6795,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6969,8 +6858,7 @@ By default, the user settings of Music sync between computers. Use the policy se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7034,8 +6922,7 @@ By default, the user settings of News sync between computers. Use the policy set -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7099,8 +6986,7 @@ By default, the user settings of Notepad synchronize between computers. Use the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7164,8 +7050,7 @@ By default, the user settings of Reader sync between computers. Use the policy s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7228,8 +7113,7 @@ You can use this setting to override the default value of 2000 milliseconds. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7290,8 +7174,7 @@ This policy setting configures where the settings package files that contain use -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7352,8 +7235,7 @@ If you specify a UNC path and check the option to replace the default Microsoft -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7416,8 +7298,7 @@ By default, the user settings of Sports sync between computers. Use the policy s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7476,8 +7357,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7540,8 +7420,7 @@ If you do not configure this policy setting, any defined values are deleted. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7604,8 +7483,7 @@ If you do not configure this policy setting, any defined values are deleted. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7668,8 +7546,7 @@ This policy setting allows you to configure the User Experience Virtualization ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7728,8 +7605,7 @@ If you do not configure this policy setting, any defined values are deleted. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7793,8 +7669,7 @@ By default, the user settings of Travel sync between computers. Use the policy s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7851,8 +7726,7 @@ If you do not configure this policy setting, any defined values are deleted. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7916,8 +7790,7 @@ By default, the user settings of Video sync between computers. Use the policy se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7981,8 +7854,7 @@ By default, the user settings of Weather sync between computers. Use the policy -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8046,8 +7918,7 @@ By default, the user settings of WordPad synchronize between computers. Use the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index e5f3324a38..976e81ab41 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserProfiles Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_UserProfiles -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting allows an administrator to automatically delete user profile -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -128,8 +124,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -193,8 +188,7 @@ By default Windows deletes all information related to a roaming user (which incl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -262,8 +256,7 @@ This policy setting sets the maximum size of each user profile and determines th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -326,8 +319,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -373,10 +365,7 @@ This policy setting and related policy settings in this folder together define t - If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow. -- If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. - -> [!IMPORTANT] -> If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. +- If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. @@ -393,8 +382,7 @@ This policy setting and related policy settings in this folder together define t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -461,8 +449,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -524,8 +511,7 @@ This setting prevents users from managing the ability to allow apps to access th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index f35943b958..908a9f2693 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_W32Time Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_W32Time -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -139,8 +136,7 @@ This parameter controls the frequency at which an event that indicates the numbe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -181,7 +177,7 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -- If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters. +- If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. NtpServer The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". @@ -219,8 +215,7 @@ This value is a bitmask that controls events that may be logged to the System lo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -280,8 +275,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -340,8 +334,7 @@ This policy setting allows you to specify whether the Windows NTP Server is enab -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 525dff55c9..ad7f74feba 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WCM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WCM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting specifies that power management is disabled when the machine -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -109,6 +105,7 @@ This policy setting determines whether Windows will soft-disconnect a computer f - If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network. When soft disconnect is enabled: + - When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. - Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. - When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they're not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network. @@ -130,8 +127,7 @@ This policy setting depends on other group policy settings. For example, if 'Min -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +192,7 @@ This policy setting is related to the "Enable Windows to soft-disconnect a compu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index 7091d18390..e5c1be0350 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WDI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WDI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -133,8 +129,7 @@ No reboots or service restarts are required for this policy setting to take effe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 874461182f..ebbc5ad09f 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinCal Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WinCal -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ The default is for Windows Calendar to be turned on. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ The default is for Windows Calendar to be turned on. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index ddc84d4371..8a97f03811 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsColorSystem -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting affects the ability of users to install or uninstall color p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting affects the ability of users to install or uninstall color p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 5cacedd443..014ceeea05 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsConnectNow Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsConnectNow -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ The default for this policy setting allows operations over all media. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index be0b41abb0..334b885c7c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsExplorer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting allows you to prevent data loss when you change the target l -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ Also, see the "Disable Active Desktop" setting in User Configuration\Administrat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -192,8 +187,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This policy setting allows you to specify a location where all default Library d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -317,8 +310,7 @@ This disables access to user-defined properties, and properties stored in NTFS s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -385,8 +377,7 @@ This policy will not enable users to add unsupported locations to Libraries. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -446,8 +437,7 @@ You can specify a known folder using its known folder id or using its canonical -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -507,8 +497,7 @@ File Explorer shows suggestion pop-ups as users type into the Search Box. These -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -570,8 +559,7 @@ This policy setting determines whether remote paths can be used for file shortcu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -643,8 +631,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/thr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -705,8 +692,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -768,8 +754,7 @@ This policy setting allows you to specify whether the ribbon appears minimized o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -828,8 +813,7 @@ This policy setting allows you to turn off the display of snippets in Content vi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -896,8 +880,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -964,8 +947,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1032,8 +1014,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1100,8 +1081,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1168,8 +1148,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1236,8 +1215,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1304,8 +1282,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1372,8 +1349,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1440,8 +1416,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1508,8 +1483,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1574,8 +1548,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1640,8 +1613,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1706,8 +1678,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1772,8 +1743,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1838,8 +1808,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1904,8 +1873,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1970,8 +1938,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2036,8 +2003,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2102,8 +2068,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2168,8 +2133,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2230,8 +2194,7 @@ Shortcut files typically include an absolute path to the original target file as -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2292,8 +2255,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2358,8 +2320,7 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2421,8 +2382,7 @@ This policy setting allows you to turn off caching of thumbnail pictures. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2484,8 +2444,7 @@ This policy setting allows you to remove CD Burning features. File Explorer allo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2546,8 +2505,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2606,8 +2564,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2668,8 +2625,7 @@ This policy setting does not prevent users from using other methods to configure -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2737,8 +2693,7 @@ Also, see the "Prevent access to drives from My Computer" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2801,8 +2756,7 @@ To remove computers in the user's workgroup or domain from lists of network reso -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2859,8 +2813,7 @@ This setting does not prevent users from using other methods to perform tasks av -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2926,8 +2879,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2988,8 +2940,7 @@ Folder Options allows users to change the way files and folders open, what appea -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3046,8 +2997,7 @@ This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3109,8 +3059,7 @@ This setting does not remove the Computer Management item from the Start menu (S -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3174,8 +3123,7 @@ When a Windows client is in a workgroup, a Shared Documents icon appears in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3242,8 +3190,7 @@ This setting was documented incorrectly on the Explain tab in Group Policy for W -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3300,8 +3247,7 @@ If this group policy is enabled, no notifications will be shown. If the group po -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3363,8 +3309,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3423,8 +3368,7 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3489,8 +3433,7 @@ By default, users are not prompted for alternate logon credentials when installi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3550,8 +3493,7 @@ By default, users are not prompted for alternate logon credentials when installi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3610,8 +3552,7 @@ Removes the Security tab from File Explorer. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3674,8 +3615,7 @@ This policy setting does not affect the Search items on the File Explorer contex -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3737,8 +3677,7 @@ This policy setting allows you to have file names sorted literally (as in Window -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3795,8 +3734,7 @@ If you enable this setting, menus do not appear when you right-click the desktop -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3862,8 +3800,7 @@ Also, see the "Hide these specified drives in My Computer" setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3923,8 +3860,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3987,8 +3923,7 @@ To remove network computers from lists of network resources, use the "No Entire -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4064,8 +3999,7 @@ If you disable or do not configure this setting the default list of items will b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4130,8 +4064,7 @@ If the dialog box does not appear, the installation proceeds with the current us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4193,8 +4126,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4254,8 +4186,7 @@ This policy setting allows you to configure the amount of functionality that the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4316,8 +4247,7 @@ This policy setting allows you to configure the amount of functionality that the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4378,8 +4308,7 @@ Shows or hides hibernate from the power options menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4440,8 +4369,7 @@ Shows or hides sleep from the power options menu. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4504,8 +4432,7 @@ The first several links will also be pinned to the Start menu. A total of four l -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4568,8 +4495,7 @@ The first several links will also be pinned to the Start menu. A total of four l -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 66dc23c872..0bc5c5b292 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsMediaDRM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsMediaDRM -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ When this policy is either disabled or not configured, Windows Media DRM functio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 7644cbac0e..2ff1f78b95 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsMediaPlayer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsMediaPlayer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -75,8 +72,7 @@ This policy is ignored if the "Streaming media protocols" policy setting is enab -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -146,8 +142,7 @@ This policy setting is ignored if the "Streaming media protocols" policy setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -215,8 +210,7 @@ The Configure button on the Network tab in the Player is not available and the p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -277,8 +271,7 @@ This policy setting prevents the dialog boxes which allow users to select privac -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -337,8 +330,7 @@ This policy setting allows you to hide the Network tab. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -399,8 +391,7 @@ This policy setting allows you to prevent the anchor window from being displayed -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -461,8 +452,7 @@ When this policy is not configured and the Set and Lock Skin policy is enabled, -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -525,8 +515,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -587,8 +576,7 @@ This policy setting allows a screen saver to interrupt playback. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -649,8 +637,7 @@ The default privacy settings are used for the options on the Privacy tab unless -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -709,8 +696,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -774,8 +760,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -836,8 +821,7 @@ This policy setting allows you to prevent Windows Media Player from downloading -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -896,8 +880,7 @@ This policy setting allows you to prevent media information for CDs and DVDs fro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -956,8 +939,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1016,8 +998,7 @@ This policy setting allows you to prevent media information for music files from -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1076,8 +1057,7 @@ This policy setting allows you to prevent a shortcut for the Player from being a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1136,8 +1116,7 @@ This policy setting allows you to prevent radio station presets from being retri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1196,8 +1175,7 @@ This policy setting allows you to prevent a shortcut icon for the Player from be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1260,8 +1238,7 @@ A user has access only to the Player features that are available with the specif -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1324,8 +1301,7 @@ This policy setting allows you to specify that Windows Media Player can attempt -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 92e853efe1..eec4ecd4ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CS author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsRemoteManagement -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 2187c471b8..51bdbc375a 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsStore Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WindowsStore -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ Enables or disables the automatic download of app updates on PCs running Windows -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ Enables or disables the Store offer to update to the latest version of Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -185,8 +180,7 @@ Enables or disables the Store offer to update to the latest version of Windows. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -245,8 +239,7 @@ Denies or allows access to the Store application. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -305,8 +298,7 @@ Denies or allows access to the Store application. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 0e91181420..00e3b779a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinInit Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WinInit -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting controls the legacy remote shutdown interface (named pipe). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting controls the use of fast startup. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -183,8 +178,7 @@ This policy setting configures the number of minutes the system waits for the hu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 3f211bcf84..485134dd5c 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinLogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WinLogon -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ To use this setting, copy your interface program to a network share or to your s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -114,7 +110,7 @@ For local user accounts and domain user accounts in domains of at least a Window For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level. -- If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed. +If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed. @@ -131,8 +127,7 @@ For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ This policy controls whether the logged on user should be notified when his logo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -261,8 +255,7 @@ If you choose to log off a user, the user cannot log on again except during perm -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -324,8 +317,7 @@ If disabled or not configured, no popup will be displayed to the user. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -389,8 +381,7 @@ If you set this policy setting to "Services and Ease of Access applications," bo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index e4b1d5df39..a2fd5d9cb2 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Winsrv Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_Winsrv -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting specifies whether Windows will allow console applications an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 5dcf6b4493..0463120c55 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_wlansvc Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_wlansvc -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -128,8 +124,7 @@ Conversely it means that Push Button is NOT allowed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -188,8 +183,7 @@ When enabled, it makes the connections to prefer a PIN for pairing to Wireless D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index 47c1744461..28865acd1b 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WordWheel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WordWheel -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ Set up the menu name and URL for the custom Internet search provider. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 1d2efeeadc..b7bf87d9af 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WorkFoldersClient -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting specifies whether Work Folders should be set up automaticall -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -119,8 +115,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -193,8 +188,7 @@ The "Force automatic setup" option specifies that Work Folders should be set up -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index e141fc1da3..11de17927c 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WPN Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ADMX_WPN -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting blocks voice and video calls during Quiet Hours. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ No reboots or service restarts are required for this policy setting to take effe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting turns off Quiet Hours functionality. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -236,9 +230,9 @@ This policy setting turns off toast notifications for applications. - If you enable this policy setting, applications will not be able to raise toast notifications. -**Note** that this policy does not affect taskbar notification balloons. +Note that this policy does not affect taskbar notification balloons. -**Note** that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. +Note that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. - If you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. @@ -259,8 +253,7 @@ No reboots or service restarts are required for this policy setting to take effe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -321,8 +314,7 @@ This policy setting specifies the number of minutes after midnight (local time) -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -382,8 +374,7 @@ This policy setting specifies the number of minutes after midnight (local time) -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 6cd0b742ae..53e2098e53 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationManagement Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -804,7 +804,7 @@ This policy setting directs Windows Installer to use elevated permissions when i > This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. > [!CAUTION] -> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. **Note** that the User Configuration version of this policy setting is not guaranteed to be secure. +> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure. diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 2f7dee3b3c..f197cdc5ce 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -4,7 +4,7 @@ description: Learn more about the AppRuntime Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - AppRuntime -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting lets you control whether Microsoft accounts are optional for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 8163149bf4..8f71ef0d15 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -4,7 +4,7 @@ description: Learn more about the AppVirtualization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - AppVirtualization -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -115,8 +111,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -171,8 +166,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -227,8 +221,7 @@ Enables scripts defined in the package manifest of configuration files that shou -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -283,8 +276,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -349,8 +341,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -405,8 +396,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -460,8 +450,7 @@ Specifies the registry paths that do not roam with a user profile. Example usage -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -515,8 +504,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -570,8 +558,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -626,8 +613,7 @@ Specifies the location where symbolic links are created to the current version o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -681,8 +667,7 @@ Specifies the location where symbolic links are created to the current version o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -754,8 +739,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -827,8 +811,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -900,8 +883,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -973,8 +955,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1046,8 +1027,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1101,8 +1081,7 @@ Specifies the path to a valid certificate in the certificate store. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1156,8 +1135,7 @@ This setting controls whether virtualized applications are launched on Windows 8 -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1212,8 +1190,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1267,8 +1244,7 @@ Specifies directory where all new applications and updates will be installed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1322,8 +1298,7 @@ Overrides source location for downloading package content. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1377,8 +1352,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1432,8 +1406,7 @@ Specifies the number of times to retry a dropped session. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1487,8 +1460,7 @@ Specifies that streamed package contents will be not be saved to the local hard -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1543,8 +1515,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1599,8 +1570,7 @@ Verifies Server certificate revocation status before streaming using HTTPS. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1655,8 +1625,7 @@ Specifies a list of process paths (may contain wildcards) which are candidates f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index c8e649f195..78fb0dc2f1 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -4,7 +4,7 @@ description: Learn more about the AttachmentManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - AttachmentManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy setting allows you to manage whether Windows marks file attachments -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy setting allows you to manage whether users can manually remove the z -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -189,8 +184,7 @@ This policy setting allows you to manage the behavior for notifying registered a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 19a5889d94..0f6e42fa74 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -843,7 +843,7 @@ Volume: Low. -This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). +This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). @@ -2803,7 +2803,7 @@ This policy setting allows you to audit events generated by attempts to access t - If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. > [!NOTE] -> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume: High on domain controllers. +> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume: High on domain controllers. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 3fa1f38453..845bc4e58d 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -4,7 +4,7 @@ description: Learn more about the Authentication Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - Authentication -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 2cd4bd68ad..7bac8598d7 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -4,7 +4,7 @@ description: Learn more about the Autoplay Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Autoplay -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -67,8 +64,7 @@ This policy setting disallows AutoPlay for MTP devices like cameras or phones. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -140,8 +136,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -214,8 +209,7 @@ This policy setting disables Autoplay on additional types of drives. You cannot -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index a51ea4a85a..b99d514066 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -4,7 +4,7 @@ description: Learn more about the BITS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -240,6 +240,7 @@ This policy setting defines the default behavior that the Background Intelligent If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: + - Always transfer - Transfer unless roaming - Transfer unless surcharge applies (when not roaming or overcap) @@ -325,6 +326,7 @@ This policy setting defines the default behavior that the Background Intelligent If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: + - Always transfer - Transfer unless roaming - Transfer unless surcharge applies (when not roaming or overcap) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 821501520e..e0a5e1b043 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -4,7 +4,7 @@ description: Learn more about the Browser Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/27/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1334,7 +1334,7 @@ If disabled, the browsing history stops saving and is not visible in the History This policy setting lets you decide whether users can change their search engine. - If you disable this setting, users can't add new search engines or change the default used in the address bar. -**Important** +Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable or don't configure this policy, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. @@ -1490,8 +1490,9 @@ Computer Configuration > Administrative Templates > Windows Components > App Pac Supported versions: Microsoft Edge on Windows 10, version 1809 Default setting: Disabled or not configured Related policies: + - Allows development of Windows Store apps and installing them from an integrated development environment (IDE) - - Allow all trusted apps to install + - Allow all trusted apps to install @@ -1930,7 +1931,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. -**Important** +Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/library/dd163546.aspx) topic. Use this format to specify the link(s) you wish to add: `` `` @@ -2074,6 +2075,7 @@ By default, this policy is disabled or not configured and clicking the home butt When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge's UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy. If Enabled AND: + - Show home button & set to Start page is selected, clicking the home button loads the Start page. - Show home button & set to New tab page is selected, clicking the home button loads a New tab page. - Show home button & set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy. @@ -2081,6 +2083,7 @@ If Enabled AND: Default setting: Disabled or not configured Related policies: + - Set Home Button URL - Unlock Home Button. @@ -2158,9 +2161,11 @@ Configure how Microsoft Edge behaves when it's running in kiosk mode with assign You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see "Configure kiosk and shared devices running Windows desktop editions" (https://aka.ms/E489vw). If enabled and set to 0 (Default or not configured): + - If it's a single app, it runs InPrivate full screen for digital signage or interactive displays. - If it's one of many apps, Microsoft Edge runs as normal. If enabled and set to 1: + - If it's a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can't minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking "End session." You can configure Microsoft Edge to restart after a period of inactivity by using the "Configure kiosk reset after idle timeout" policy. - If it's one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can't customize Microsoft Edge. @@ -2298,6 +2303,7 @@ If you do not configure Microsoft Edge in assigned access, then this policy does You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it. If enabled, you can choose one of the following options: + - Start page: the Start page loads ignoring the Configure Start Pages policy. - New tab page: the New tab page loads ignoring the Configure Start Pages policy. - Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy. @@ -2309,6 +2315,7 @@ If disabled or not configured, and you enable the Disable Lockdown of Start Page Default setting: A specific page or pages (default) Related policies: + -Disable Lockdown of Start Pages -Configure Start Pages. @@ -2462,6 +2469,7 @@ If disabled or not configured, the Start pages configured in the Configure Start Supported devices: Domain-joined or MDM-enrolled Related policy: + - Configure Start Pages - Configure Open Microsoft Edge With. @@ -2769,6 +2777,7 @@ If enabled, and you select either Start page, New Tab page, or previous page in Supported devices: Domain-joined or MDM-enrolled Related policy: + - Configure Open Microsoft Edge With - Disable Lockdown of Start Pages. @@ -2831,7 +2840,7 @@ This policy setting lets you decide whether employees can add, import, sort, or - If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. -**Important** +Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. - If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. @@ -3472,7 +3481,7 @@ This policy setting allows you to configure a default set of favorites, which wi - If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. -**Important** +Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. - If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. @@ -3498,7 +3507,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E |:--|:--| | Name | ConfiguredFavorites | | Friendly Name | Provision Favorites | -| Element Name | Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Microsoft Edge and use that html file for provisioning user machines.

URL can be specified as

1. HTTP location: https://localhost:8080/URLs.html
2. Local network: \\network\shares\URLs.html
3. Local file: file:///c:\\Users\\``\\Documents\\URLs.html or C:\\Users\\``\\Documents\\URLs.html. | +| Element Name | Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Microsoft Edge and use that html file for provisioning user machines.

URL can be specified as

1. HTTP location: https://localhost:8080/URLs.html
2. Local network: \\network\shares\URLs.html

3. Local file: file:///c:\\Users\\``\\Documents\\URLs.html or C:\\Users\\``\\Documents\\URLs.html. | | Location | Computer and User Configuration | | Path | Windows Components > Microsoft Edge | | Registry Key Name | Software\Policies\Microsoft\MicrosoftEdge\Favorites | @@ -3612,14 +3621,14 @@ This policy setting lets you decide whether your intranet sites should all open This policy setting lets you configure the default search engine for your employees. Your employees can change the default search engine at any time. -**Important** +Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable this setting, you can choose a default search engine for your employees. - If this setting is enabled, you must also add the default engine to the "Set default search engine" setting, by adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/library/dd163546.aspx) topic. Use this format to specify the link you wish to add: `` -**Note** +Note If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. Employees can change the default search engine at any time, unless you disable the "Allow search engine customization" setting, which restricts any changes. @@ -3817,6 +3826,7 @@ If disabled or not configured, the default app behavior occurs and no additional Default setting: Disabled or not configured Related policies: + -Configure the Enterprise Mode Site List -Send all intranet sites to Internet Explorer 11. @@ -3973,6 +3983,7 @@ If disabled or not configured, the UI settings for the home button are disabled Default setting: Disabled or not configured Related policy: + -Configure Home Button -Set Home Button URL. diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index aee369d5ea..cad8cc1ea3 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -4,7 +4,7 @@ description: Learn more about the Cellular Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Cellular -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -344,8 +341,7 @@ This policy setting configures the visibility of the link to the per-application -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-clouddesktop.md b/windows/client-management/mdm/policy-csp-clouddesktop.md index 5bee8f32ce..fc9dfec2ac 100644 --- a/windows/client-management/mdm/policy-csp-clouddesktop.md +++ b/windows/client-management/mdm/policy-csp-clouddesktop.md @@ -4,7 +4,7 @@ description: Learn more about the CloudDesktop Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - CloudDesktop -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 8bc1fb0fda..9bfced5845 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -4,7 +4,7 @@ description: Learn more about the Connectivity Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Connectivity -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -574,8 +571,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -639,8 +635,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -703,8 +698,7 @@ See the documentation for the web publishing and online ordering wizards for mor -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -831,8 +825,7 @@ For more information, see [MS15-011: Vulnerability in Group Policy could allow r -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -893,8 +886,7 @@ If you disable this setting or do not configure it, the user will be able to cre -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 395755ed2e..7d393397fe 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -4,7 +4,7 @@ description: Learn more about the CredentialProviders Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - CredentialProviders -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -68,8 +65,7 @@ To configure Windows Hello for Business, use the Administrative Template policie -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -113,7 +109,7 @@ This policy setting allows you to control whether a domain user can sign in usin - If you disable or don't configure this policy setting, a domain user can set up and use a picture password. -**Note** that the user's domain password will be cached in the system vault when using this feature. +Note that the user's domain password will be cached in the system vault when using this feature. @@ -130,8 +126,7 @@ This policy setting allows you to control whether a domain user can sign in usin -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 36ad871eab..c5bf99ea6c 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -4,7 +4,7 @@ description: Learn more about the CredentialsDelegation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - CredentialsDelegation -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ When using credential delegation, devices provide an exportable version of crede -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 060389719e..fe656db7c8 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -4,7 +4,7 @@ description: Learn more about the CredentialsUI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - CredentialsUI -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ The policy applies to all Windows components and applications that use the Windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ This policy setting controls whether administrator accounts are displayed when a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index f01d83375c..bab0720b95 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -4,7 +4,7 @@ description: Learn more about the DataUsage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - DataUsage -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ This policy setting configures the cost of 3G connections on the local machine. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -136,8 +132,7 @@ This policy setting configures the cost of 4G connections on the local machine. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 3e6b64b062..e4ba13552a 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -898,6 +898,7 @@ Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: Specify the folders or files and resources that should be excluded from ASR rules in the Options section. Enter each rule on a new line as a name-value pair: + - Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder - Value column: Enter "0" for each item @@ -964,6 +965,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: + - Block: the rule will be applied - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) - Off: the rule will not be applied @@ -975,10 +977,12 @@ Unless the ASR rule is disabled, a subsample of audit events are collected for A Enabled: Specify the state for each ASR rule under the Options section for this setting. Enter each rule on a new line as a name-value pair: + - Name column: Enter a valid ASR rule ID - Value column: Enter the status ID that relates to state you want to specify for the associated rule The following status IDs are permitted under the value column: + - 1 (Block) - 0 (Off) - 2 (Audit) @@ -1655,6 +1659,7 @@ This policy setting allows you to configure catch-up scans for scheduled quick s Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to: + - Modify or delete files in protected folders, such as the Documents folder - Write to disk sectors @@ -1665,33 +1670,39 @@ Default system folders are automatically protected, but you can add folders in t Block: The following will be blocked: + - Attempts by untrusted apps to modify or delete files in protected folders - Attempts by untrusted apps to write to disk sectors The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. Disabled: The following will not be blocked and will be allowed to run: + - Attempts by untrusted apps to modify or delete files in protected folders - Attempts by untrusted apps to write to disk sectors These attempts will not be recorded in the Windows event log. Audit Mode: The following will not be blocked and will be allowed to run: + - Attempts by untrusted apps to modify or delete files in protected folders - Attempts by untrusted apps to write to disk sectors The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124. Block disk modification only: The following will be blocked: + - Attempts by untrusted apps to write to disk sectors The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. The following will not be blocked and will be allowed to run: + - Attempts by untrusted apps to modify or delete files in protected folders These attempts will not be recorded in the Windows event log. Audit disk modification only: The following will not be blocked and will be allowed to run: + - Attempts by untrusted apps to write to disk sectors - Attempts by untrusted apps to modify or delete files in protected folders Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). @@ -1832,6 +1843,7 @@ Enable or disable Microsoft Defender Exploit Guard network protection to prevent Enabled: Specify the mode in the Options section: + -Block: Users and applications will not be able to access dangerous domains -Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. @@ -2077,6 +2089,7 @@ Enable or disable detection for potentially unwanted applications. You can choos Enabled: Specify the mode in the Options section: + -Block: Potentially unwanted software will be blocked. -Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. @@ -2149,7 +2162,7 @@ Same as Disabled. This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. -**Note** that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. +Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. The options for this setting are mutually exclusive: 0 = Scan incoming and outgoing files (default) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 0a0eeb6f78..d4cd618ac6 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -4,7 +4,7 @@ description: Learn more about the DeliveryOptimization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - DeliveryOptimization -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -293,7 +290,7 @@ This policy allows you to delay the use of an HTTP source in a background downlo After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. -**Note** that a download that is waiting for peer sources, will appear to be stuck for the end user. +Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). @@ -350,7 +347,7 @@ The recommended value is 1 hour (3600). -Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download. **Note** that the DODelayBackgroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. +Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download. Note that the DODelayBackgroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. @@ -405,7 +402,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT -Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download. **Note** that the DODelayForegroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. +Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download. Note that the DODelayForegroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. @@ -464,7 +461,7 @@ This policy allows you to delay the use of an HTTP source in a foreground (inter After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. -**Note** that a download that is waiting for peer sources, will appear to be stuck for the end user. +Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 minute (60). @@ -653,7 +650,7 @@ Group ID must be set as a GUID. This Policy specifies an arbitrary group ID that Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. -**Note** this is a best effort optimization and should not be relied on for an authentication of identity. +Note this is a best effort optimization and should not be relied on for an authentication of identity. @@ -1602,8 +1599,7 @@ Specifies the maximum background download bandwidth that Delivery Optimization u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1662,8 +1658,7 @@ This policy allows an IT Admin to define the following details: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index e0eeb748b5..dd8db44630 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -4,7 +4,7 @@ description: Learn more about the Desktop Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Desktop -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ If you enable this setting, users are unable to type a new location in the Targe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md index c2e602fd7a..62c204d4b2 100644 --- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md +++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md @@ -4,7 +4,7 @@ description: Learn more about the DesktopAppInstaller Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - DesktopAppInstaller -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -65,8 +62,7 @@ This policy controls additional sources provided by the enterprise IT administra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -127,8 +123,7 @@ This policy controls additional sources allowed by the enterprise IT administrat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -188,8 +183,7 @@ Users will still be able to execute the *winget* command. The default help will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -244,8 +238,7 @@ Users will still be able to execute the *winget* command. The default help will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -301,8 +294,7 @@ This policy controls the default source included with the [Windows Package Manag -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -362,8 +354,7 @@ Experimental features are used during Windows Package Manager development cycle -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -422,8 +413,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -478,8 +468,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -533,8 +522,7 @@ This policy controls whether users can install packages with local manifest file -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -595,8 +583,7 @@ This policy controls the Microsoft Store source included with the [Windows Packa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -655,8 +642,7 @@ This policy controls whether users can install packages from a website that is u -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -716,8 +702,7 @@ The settings are stored inside of a .json file on the user’s system. It may be -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -777,8 +762,7 @@ The default source for Windows Package Manager is configured such that an index -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index c86a89adff..8a142cb391 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceInstallation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - DeviceInstallation -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -45,6 +42,7 @@ ms.topic: reference This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: + - Prevent installation of devices that match these device IDs - Prevent installation of devices that match any of these device instance IDs If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. @@ -74,8 +72,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -147,6 +144,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: + - Prevent installation of devices that match any of these device instance IDs If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. @@ -175,8 +173,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -250,6 +247,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: + - Prevent installation of devices for these device classes - Prevent installation of devices that match these device IDs - Prevent installation of devices that match any of these device instance IDs @@ -280,8 +278,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -401,8 +398,7 @@ If you disable or do not configure this policy setting, the default evaluation i -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -496,8 +492,7 @@ This policy setting allows you to prevent Windows from retrieving device metadat -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -559,8 +554,7 @@ This policy setting allows you to prevent the installation of devices that are n -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -662,8 +656,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -764,8 +757,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -879,8 +871,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 80e5d67f50..cdee8174aa 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceLock Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,13 +16,9 @@ ms.topic: reference # Policy CSP - DeviceLock -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -1179,8 +1175,7 @@ If you enable this setting, users will no longer be able to enable or disable lo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1239,8 +1234,7 @@ If you enable this setting, users will no longer be able to modify slide show se -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 8901e92cae..5827ede22b 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -4,7 +4,7 @@ description: Learn more about the DmaGuard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -37,7 +37,7 @@ ms.topic: reference -Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. **Note** this policy does not apply to 1394, PCMCIA or ExpressCard devices. +Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note this policy does not apply to 1394, PCMCIA or ExpressCard devices. diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 2c1178445b..dba5efc34f 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -4,7 +4,7 @@ description: Learn more about the ErrorReporting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ErrorReporting -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -73,8 +70,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -132,8 +128,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -196,8 +191,7 @@ See also the Configure Error Reporting policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -256,8 +250,7 @@ This policy setting controls whether additional data in support of error reports -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -316,8 +309,7 @@ This policy setting prevents the display of the user interface for critical erro -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index dd4e120109..0d042d9a21 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -4,7 +4,7 @@ description: Learn more about the EventLogService Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - EventLogService -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -66,8 +63,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -126,8 +122,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -185,8 +180,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -244,8 +238,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 6505002489..81806e561d 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -4,7 +4,7 @@ description: Learn more about the Experience Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - Experience -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index cb839593b8..5ba1b3a809 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the FileExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - FileExplorer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -344,8 +341,7 @@ Disabling data execution prevention can allow certain legacy plug-in application -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -400,8 +396,7 @@ Disabling heap termination on corruption can allow certain legacy plug-in applic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index 66486d9057..a7f792145a 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -4,7 +4,7 @@ description: Learn more about the HumanPresence Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - HumanPresence -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index d8938e641c..9c07168c29 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the InternetExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - InternetExplorer -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ This policy setting allows you to add a specific list of search providers to the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -134,8 +130,7 @@ This policy setting controls the ActiveX Filtering feature for websites that are -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -204,8 +199,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -266,8 +260,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -330,8 +323,7 @@ This policy setting allows you to turn on the certificate address mismatch secur -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -398,8 +390,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -464,8 +455,7 @@ Enhanced Protected Mode provides additional protection against malicious website -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -530,8 +520,7 @@ This policy setting allows Internet Explorer to provide enhanced suggestions as -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -594,8 +583,7 @@ If you disable or don't configure this policy setting, the menu option won't app -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -657,8 +645,7 @@ This policy setting lets you specify where to find the list of websites you want -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -718,8 +705,7 @@ If you disable this policy, system defaults will be used. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -781,8 +767,7 @@ This policy setting allows you to add specific sites that must be viewed in Inte -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -846,8 +831,7 @@ This policy setting controls how Internet Explorer displays local intranet conte -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -916,8 +900,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -986,8 +969,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1056,8 +1038,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1126,8 +1107,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1196,8 +1176,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1266,8 +1245,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1336,8 +1314,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1400,8 +1377,7 @@ This policy allows the user to go directly to an intranet site for a one-word en -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1466,8 +1442,7 @@ For more information, see -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1552,8 +1527,7 @@ Value - A number indicating the zone with which this site should be associated f -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1648,8 +1622,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1714,8 +1687,7 @@ This policy setting allows you to manage whether software, such as ActiveX contr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1784,8 +1756,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1850,8 +1821,7 @@ This policy setting controls the Suggested Sites feature, which recommends websi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1920,8 +1890,7 @@ Note. It is recommended to configure template policy settings in one Group Polic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1986,8 +1955,7 @@ This policy setting allows you to manage whether Internet Explorer will check re -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2052,8 +2020,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2098,6 +2065,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di Enables you to configure up to three versions of Microsoft Edge to open a redirected site (in order of preference). Use this policy if your environment is configured to redirect sites from Internet Explorer 11 to Microsoft Edge. If any of the chosen versions are not installed on the device, that preference will be bypassed. If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur: + - If you disable or don't configure this policy, Microsoft Edge Stable channel is used. This is the default behavior. - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: 1 = Microsoft Edge Stable @@ -2106,6 +2074,7 @@ If both the Windows Update for the next version of Microsoft Edge* and Microsoft 4 = Microsoft Edge Canary version 77 or later If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur: + - If you disable or don't configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior. - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: 0 = Microsoft Edge version 45 or earlier @@ -2131,8 +2100,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2405,8 +2373,7 @@ This policy setting determines whether Internet Explorer requires that all file- -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2466,8 +2433,7 @@ For more information, see "Out-of-date ActiveX control blocking" in the Internet -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2530,8 +2496,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2594,8 +2559,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2658,8 +2622,7 @@ This policy setting controls the Compatibility View feature, which allows the us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2722,8 +2685,7 @@ This setting specifies the number of days that Internet Explorer tracks views of -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2786,8 +2748,7 @@ This policy setting allows you to manage the crash detection feature of add-on M -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2852,8 +2813,7 @@ This policy setting prevents the user from participating in the Customer Experie -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2920,8 +2880,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2984,8 +2943,7 @@ This policy setting prevents the user from having enclosures (file attachments) -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3051,8 +3009,7 @@ This policy setting allows you to turn off support for Transport Layer Security -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3114,8 +3071,7 @@ This policy setting controls whether to have background synchronization for feed -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3160,6 +3116,7 @@ This policy setting controls whether to have background synchronization for feed This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. - If you enable this policy setting, you must make one of the following choices: + - Skip the First Run wizard, and go directly to the user's home page. - Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. @@ -3182,8 +3139,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3249,8 +3205,7 @@ Microsoft collects your browsing history to improve how flip ahead with page pre -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3315,8 +3270,7 @@ This policy setting allows you to disable browser geolocation support. This will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3375,8 +3329,7 @@ The Home page specified on the General tab of the Internet Options dialog box is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3439,8 +3392,7 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3503,8 +3455,7 @@ This policy setting prevents the user from ignoring Secure Sockets Layer/Transpo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3571,8 +3522,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3617,6 +3567,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b This policy lets you restrict launching of Internet Explorer as a standalone browser. If you enable this policy, it: + - Prevents Internet Explorer 11 from launching as a standalone browser. - Restricts Internet Explorer's usage to Microsoft Edge's native 'Internet Explorer mode'. - Redirects all attempts at launching Internet Explorer 11 to Microsoft Edge Stable Channel browser. @@ -3642,8 +3593,7 @@ If you disable, or don't configure this policy, all sites are opened using the c -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3733,8 +3683,7 @@ This policy setting determines whether Internet Explorer 11 uses 64-bit processe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3797,8 +3746,7 @@ This policy setting specifies if a user can change proxy settings. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3861,8 +3809,7 @@ This policy setting prevents the user from changing the default search provider -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3928,8 +3875,7 @@ Secondary home pages are the default Web pages that Internet Explorer loads in s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3991,8 +3937,7 @@ This policy setting turns off the Security Settings Check feature, which checks -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4053,8 +3998,7 @@ This policy is intended to help the administrator maintain version control for I -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4119,8 +4063,7 @@ This AutoComplete feature suggests possible matches when users are entering Web -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4187,8 +4130,7 @@ When Enhanced Protected Mode is enabled, and a user encounters a website that at -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4254,8 +4196,7 @@ Also, see the "Security zones: Use only machine settings" policy. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4321,8 +4262,7 @@ Also, see the "Security zones: Use only machine settings" policy. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4387,8 +4327,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4458,8 +4397,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4524,8 +4462,7 @@ For more information, see -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4592,8 +4529,7 @@ To learn more about disabling Internet Explorer 11 as a standalone browser, see -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4658,8 +4594,7 @@ This policy setting controls whether local sites which are not explicitly mapped -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4724,8 +4659,7 @@ This policy setting controls whether URLs representing UNCs are mapped into the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4790,8 +4724,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4855,8 +4788,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4918,8 +4850,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -4985,8 +4916,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5050,8 +4980,7 @@ This policy setting allows you to manage whether users can drag files or copy an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5117,8 +5046,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5182,8 +5110,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5247,8 +5174,7 @@ This policy setting allows you to manage the loading of Extensible Application M -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5312,8 +5238,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5375,8 +5300,7 @@ This policy setting controls whether or not the user is prompted to allow Active -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5438,8 +5362,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5503,8 +5426,7 @@ This policy setting determines whether a page can control embedded WebBrowser co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5568,8 +5490,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5633,8 +5554,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5701,8 +5621,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5764,8 +5683,7 @@ This policy setting allows you to manage whether script is allowed to update the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5829,8 +5747,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5896,8 +5813,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5961,8 +5877,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6026,8 +5941,7 @@ This policy setting allows you to manage whether users may download signed Activ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6091,8 +6005,7 @@ This policy setting allows you to manage whether users may download unsigned Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6154,8 +6067,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6198,9 +6110,9 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. -- If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. -- If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. @@ -6221,8 +6133,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6265,9 +6176,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. -- If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. -- If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. @@ -6288,8 +6199,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6353,8 +6263,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6418,8 +6327,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6483,8 +6391,7 @@ This policy setting controls whether or not local path information is sent when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6550,8 +6457,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6621,8 +6527,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6686,8 +6591,7 @@ This policy setting allows you to manage whether applications may be run and fil -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6759,8 +6663,7 @@ Automatic logon with current user name and password to attempt logon using Windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6803,11 +6706,11 @@ Automatic logon with current user name and password to attempt logon using Windo This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -6824,8 +6727,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6889,8 +6791,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -6954,8 +6855,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7019,8 +6919,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7084,8 +6983,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7149,8 +7047,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7212,8 +7109,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7279,8 +7175,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7344,8 +7239,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7409,8 +7303,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7474,8 +7367,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7542,8 +7434,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7607,8 +7498,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7672,8 +7562,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7739,8 +7628,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7810,8 +7698,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7854,11 +7741,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -7875,8 +7762,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7940,8 +7826,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -7992,6 +7877,7 @@ Prevents intranet sites from being opened in any browser except Internet Explore We strongly recommend keeping this policy in sync with the 'Send all intranet sites to Internet Explorer' ('SendIntranetToInternetExplorer') policy. Additionally, it's best to enable this policy only if your intranet sites have known compatibility problems with Microsoft Edge. Related policies: + - Send all intranet sites to Internet Explorer ('SendIntranetToInternetExplorer') - Send all sites not included in the Enterprise Mode Site List to Microsoft Edge ('RestrictIE') @@ -8012,8 +7898,7 @@ For more info about how to use this policy together with other related policies -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8101,8 +7986,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8166,8 +8050,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8229,8 +8112,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8296,8 +8178,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8361,8 +8242,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8426,8 +8306,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8491,8 +8370,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8559,8 +8437,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8624,8 +8501,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8689,8 +8565,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8756,8 +8631,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8827,8 +8701,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8871,11 +8744,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -8892,8 +8765,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -8957,8 +8829,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9022,8 +8893,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9085,8 +8955,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9152,8 +9021,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9217,8 +9085,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9282,8 +9149,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9347,8 +9213,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9415,8 +9280,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9480,8 +9344,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9547,8 +9410,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9618,8 +9480,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9662,11 +9523,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -9683,8 +9544,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9754,8 +9614,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9819,8 +9678,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9884,8 +9742,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -9947,8 +9804,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10014,8 +9870,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10079,8 +9934,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10144,8 +9998,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10209,8 +10062,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10277,8 +10129,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10342,8 +10193,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10409,8 +10259,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10453,11 +10302,11 @@ This policy setting allows you to manage ActiveX controls not marked as safe. This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -10474,8 +10323,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10539,8 +10387,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10604,8 +10451,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10667,8 +10513,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10734,8 +10579,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10799,8 +10643,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10864,8 +10707,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10929,8 +10771,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -10997,8 +10838,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11062,8 +10902,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11129,8 +10968,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11200,8 +11038,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11244,11 +11081,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -11265,8 +11102,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11330,8 +11166,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11395,8 +11230,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11458,8 +11292,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11525,8 +11358,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11590,8 +11422,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11655,8 +11486,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11720,8 +11550,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11788,8 +11617,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11853,8 +11681,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11920,8 +11747,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -11991,8 +11817,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12056,8 +11881,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12121,8 +11945,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12186,8 +12009,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12249,8 +12071,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12316,8 +12137,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12381,8 +12201,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12446,8 +12265,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12511,8 +12329,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12579,8 +12396,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12644,8 +12460,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12711,8 +12526,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12782,8 +12596,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12826,11 +12639,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -12847,8 +12660,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12912,8 +12724,7 @@ This policy setting determines whether Internet Explorer MIME sniffing will prev -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -12977,8 +12788,7 @@ The MK Protocol Security Restriction policy setting reduces attack surface area -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13040,8 +12850,7 @@ This policy setting allows you to specify what is displayed when the user opens -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13105,8 +12914,7 @@ This policy setting allows you to manage whether the Notification bar is display -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13168,8 +12976,7 @@ This policy setting prevents the user from managing SmartScreen Filter, which wa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13231,8 +13038,7 @@ This policy setting allows you to prevent the installation of ActiveX controls o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13297,8 +13103,7 @@ Internet Explorer places restrictions on each Web page it opens. The restriction -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13362,8 +13167,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13428,8 +13232,7 @@ For more information, see -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13494,8 +13297,7 @@ This policy setting enables blocking of ActiveX control installation prompts for -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13559,8 +13361,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13624,8 +13425,7 @@ This policy setting allows you to manage whether script code on pages in the zon -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13689,8 +13489,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13752,8 +13551,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13817,8 +13615,7 @@ This policy setting allows you to manage dynamic binary and script behaviors: co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13884,8 +13681,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -13949,8 +13745,7 @@ This policy setting allows you to manage whether users can drag files or copy an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14014,8 +13809,7 @@ This policy setting allows you to manage whether file downloads are permitted fr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14081,8 +13875,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14146,8 +13939,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14211,8 +14003,7 @@ This policy setting allows you to manage the loading of Extensible Application M -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14276,8 +14067,7 @@ This policy setting allows you to manage whether a user's browser can be redirec -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14341,8 +14131,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14404,8 +14193,7 @@ This policy setting controls whether or not the user is prompted to allow Active -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14467,8 +14255,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14532,8 +14319,7 @@ This policy setting determines whether a page can control embedded WebBrowser co -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14597,8 +14383,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14662,8 +14447,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14730,8 +14514,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14793,8 +14576,7 @@ This policy setting allows you to manage whether script is allowed to update the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14858,8 +14640,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14925,8 +14706,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -14990,8 +14770,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15055,8 +14834,7 @@ This policy setting allows you to manage whether users may download signed Activ -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15120,8 +14898,7 @@ This policy setting allows you to manage whether users may download unsigned Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15183,8 +14960,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15227,9 +15003,9 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. -- If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. -- If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. @@ -15250,8 +15026,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15294,9 +15069,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. -- If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. -- If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. @@ -15317,8 +15092,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15382,8 +15156,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15447,8 +15220,7 @@ This policy setting controls whether or not local path information is sent when -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15514,8 +15286,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15585,8 +15356,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15650,8 +15420,7 @@ This policy setting allows you to manage whether applications may be run and fil -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15723,8 +15492,7 @@ Automatic logon with current user name and password to attempt logon using Windo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15788,8 +15556,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15855,8 +15622,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15920,8 +15686,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -15987,8 +15752,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16054,8 +15818,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16119,8 +15882,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16184,8 +15946,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16249,8 +16010,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16314,8 +16074,7 @@ This policy setting enables blocking of file download prompts that are not user -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16379,8 +16138,7 @@ Internet Explorer allows scripts to programmatically open, resize, and repositio -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16445,8 +16203,7 @@ This policy setting allows you to restrict the search providers that appear in t -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16509,8 +16266,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16578,8 +16334,7 @@ Disabling, or not configuring this setting, opens all sites based on the current -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16665,8 +16420,7 @@ This policy setting allows you to specify how ActiveX controls are installed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16731,8 +16485,7 @@ This policy setting allows you to manage whether Internet Explorer can access da -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16796,8 +16549,7 @@ This policy setting manages whether users will be automatically prompted for Act -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16859,8 +16611,7 @@ This policy setting determines whether users will be prompted for non user-initi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16926,8 +16677,7 @@ This policy setting allows you to manage whether pages of the zone may download -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -16991,8 +16741,7 @@ This policy setting allows you to manage whether Web sites from less privileged -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17056,8 +16805,7 @@ This policy setting allows you to manage whether . NET Framework components that -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17121,8 +16869,7 @@ This policy setting allows you to manage whether the user can run scriptlets. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17189,8 +16936,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17254,8 +17000,7 @@ This policy setting allows you to manage the preservation of information in the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17319,8 +17064,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17386,8 +17130,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17457,8 +17200,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -17501,11 +17243,11 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. -- If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +- If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. - If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -17522,8 +17264,7 @@ This policy setting allows you to manage the opening of windows and frames and a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 16587b8ce0..2083db2928 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Kerberos -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting defines the list of trusting forests that the Kerberos clien -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -190,8 +186,7 @@ This policy setting controls whether a device will request claims and compound a -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -625,8 +620,7 @@ This policy setting controls whether a computer requires that Kerberos message e -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -685,8 +679,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -750,8 +743,7 @@ The size of the context token buffer determines the maximum size of SSPI context -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 4ece74db51..21a0f1510f 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -4,7 +4,7 @@ description: Learn more about the Licensing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -39,6 +39,7 @@ ms.topic: reference This policy setting controls whether OS Reactivation is blocked on a device. Policy Options: + - Not Configured (default -- Windows registration and reactivation is allowed) - Disabled (Windows registration and reactivation is not allowed) - Enabled (Windows registration is allowed) @@ -107,6 +108,7 @@ Policy Options: This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. If you disable or do not configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates. Policy Options: + - Not Configured (default -- data will be automatically sent to Microsoft) - Disabled (data will be automatically sent to Microsoft) - Enabled (data will not be sent to Microsoft) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index b85c550c26..8c594a8378 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -4,7 +4,7 @@ description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CS author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - LocalPoliciesSecurityOptions -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md index 44b1d9a8ae..3eeee4eaa8 100644 --- a/windows/client-management/mdm/policy-csp-lsa.md +++ b/windows/client-management/mdm/policy-csp-lsa.md @@ -4,7 +4,7 @@ description: Learn more about the LocalSecurityAuthority Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - LocalSecurityAuthority -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index ad926281b0..1eb8c7115d 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - MixedReality -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -401,7 +398,7 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -- If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters. +- If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. NtpServer The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". @@ -449,8 +446,7 @@ For more information, see [ADMX_W32Time Policy CSP - W32Time_Policy_Configure_NT -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -821,8 +817,7 @@ For more information, see the [ConfigureNtpClient](#configurentpclient) policy. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -867,7 +862,7 @@ The following example XML string shows the value to enable this policy: -This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device will not show the eye tracking calibration process during device setup and first time user setup. **Note** that until the user goes through the calibration process, eye tracking will not work on the device. If an app requires eye tracking and the user has not gone through the calibration process, the user will be prompted to do so. +This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device will not show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking will not work on the device. If an app requires eye tracking and the user has not gone through the calibration process, the user will be prompted to do so. diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 98481bddc4..f7b38e8274 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -4,7 +4,7 @@ description: Learn more about the MSSecurityGuide Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/17/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - MSSecurityGuide -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -59,8 +56,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -110,8 +106,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -161,8 +156,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -212,8 +206,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -263,8 +256,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -314,8 +306,7 @@ ms.topic: reference -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index c164d07e12..c91e8380b3 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -4,7 +4,7 @@ description: Learn more about the MSSLegacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - MSSLegacy -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -60,8 +57,7 @@ Allow ICMP redirects to override OSPF generated routes. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -112,8 +108,7 @@ Allow the computer to ignore NetBIOS name release requests except from WINS serv -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -164,8 +159,7 @@ IP source routing protection level (protects against packet spoofing). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -216,8 +210,7 @@ IPv6 source routing protection level (protects against packet spoofing). -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index a8a8f001c3..fae68da678 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -4,7 +4,7 @@ description: Learn more about the Power Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Power -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -112,8 +109,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -172,8 +168,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -234,8 +229,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -295,8 +289,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -474,8 +467,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -535,8 +527,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -594,8 +585,7 @@ This policy setting specifies whether or not the user is prompted for a password -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -654,8 +644,7 @@ This policy setting specifies whether or not the user is prompted for a password -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -696,6 +685,7 @@ This policy setting specifies whether or not the user is prompted for a password This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: + -Take no action -Sleep -Hibernate @@ -771,6 +761,7 @@ Possible actions include: This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: + -Take no action -Sleep -Hibernate @@ -846,6 +837,7 @@ Possible actions include: This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: + -Take no action -Sleep -Hibernate @@ -921,6 +913,7 @@ Possible actions include: This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: + -Take no action -Sleep -Hibernate @@ -996,6 +989,7 @@ Possible actions include: This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: + -Take no action -Sleep -Hibernate @@ -1071,6 +1065,7 @@ Possible actions include: This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: + -Take no action -Sleep -Hibernate @@ -1166,8 +1161,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1227,8 +1221,7 @@ If the user has configured a slide show to run on the lock screen when the machi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 61ca4d4ecc..2efba00c84 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -4,7 +4,7 @@ description: Learn more about the Printers Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Printers -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -64,8 +61,7 @@ The format of this setting is `/[,/]`. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -124,8 +120,7 @@ The format of this setting is `/[,/]`. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -194,8 +189,7 @@ The following are the supported values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -276,8 +270,7 @@ The following are the supported values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -341,8 +334,7 @@ The following are the supported values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -388,11 +380,11 @@ You can enable this setting to configure the Redirection Guard policy being appl - If you enable this setting you may select the following options: -- Enabled : Redirection Guard will prevent any file redirections from being followed +- Enabled: Redirection Guard will prevent any file redirections from being followed -- Disabled : Redirection Guard will not be enabled and file redirections may be used within the spooler process +- Disabled: Redirection Guard will not be enabled and file redirections may be used within the spooler process -- Audit : Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler. +- Audit: Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler. @@ -414,8 +406,7 @@ The following are the supported values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -469,8 +460,7 @@ The following are the supported values: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -508,10 +498,12 @@ This policy setting controls which protocol and protocol settings to use for out By default, RPC over TCP is used and authentication is always enabled. For RPC over named pipes, authentication is always enabled for domain joined machines but disabled for non domain joined machines. Protocol to use for outgoing RPC connections: + - "RPC over TCP": Use RPC over TCP for outgoing RPC connections to a remote print spooler - "RPC over named pipes": Use RPC over named pipes for outgoing RPC connections to a remote print spooler Use authentication for outgoing RPC over named pipes connections: + - "Default": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes - "Authentication enabled": RPC authentication will be used for outgoing RPC over named pipes connections - "Authentication disabled": RPC authentication will not be used for outgoing RPC over named pipes connections @@ -533,8 +525,7 @@ If you disable or do not configure this policy setting, the above defaults will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -576,11 +567,13 @@ This policy setting controls which protocols incoming RPC connections to the pri By default, RPC over TCP is enabled and Negotiate is used for the authentication protocol. Protocols to allow for incoming RPC connections: + - "RPC over named pipes": Incoming RPC connections are only allowed over named pipes - "RPC over TCP": Incoming RPC connections are only allowed over TCP (the default option) - "RPC over named pipes and TCP": Incoming RPC connections will be allowed over TCP and named pipes Authentication protocol to use for incoming RPC connections: + - "Negotiate": Use the Negotiate authentication protocol (the default option) - "Kerberos": Use the Kerberos authentication protocol @@ -601,8 +594,7 @@ If you disable or do not configure this policy setting, the above defaults will -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -644,6 +636,7 @@ This policy setting controls which port is used for RPC over TCP for incoming co By default dynamic TCP ports are used. RPC over TCP port: + - The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used If you disable or do not configure this policy setting, dynamic TCP ports are used. @@ -663,8 +656,7 @@ If you disable or do not configure this policy setting, dynamic TCP ports are us -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -724,8 +716,7 @@ By default, there are no restrictions to printing based on connection type or pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -786,8 +777,7 @@ By default, there are no restrictions to printing based on connection type or pr -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -848,8 +838,7 @@ If you disable or do not configure this policy setting, the registry key and val -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -889,16 +878,19 @@ If you disable or do not configure this policy setting, the registry key and val This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. - If you enable this policy setting: + -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. - If you do not configure this policy setting: + -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - If you disable this policy setting: + -Windows Vista client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. @@ -920,8 +912,7 @@ This policy setting controls the client Point and Print behavior, including the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -962,16 +953,19 @@ This policy setting controls the client Point and Print behavior, including the This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. - If you enable this policy setting: + -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. - If you do not configure this policy setting: + -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - If you disable this policy setting: + -Windows Vista client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. @@ -993,8 +987,7 @@ This policy setting controls the client Point and Print behavior, including the -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1056,8 +1049,7 @@ Determines whether the computer's shared printers can be published in Active Dir -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1118,8 +1110,7 @@ By default, users that aren't Administrators can't install print drivers on this -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 247dadacdb..0e564b40f5 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteAssistance Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - RemoteAssistance -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ The "Display warning message before connecting" policy setting allows you to spe -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -131,8 +127,7 @@ This policy setting allows you to turn logging on or off. Log files are located -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -201,8 +196,7 @@ The "Select the method for sending email invitations" setting specifies which em -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -294,8 +288,7 @@ Allow Remote Desktop Exception. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 2a7bf33c7f..c8aa5f13b5 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktopServices Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - RemoteDesktopServices -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ You can limit the number of users who can connect simultaneously by configuring -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -120,7 +116,7 @@ Specifies whether to require the use of a specific encryption level to secure co - If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy. -**Important** +Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. @@ -139,8 +135,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -202,8 +197,7 @@ By default, an RD Session Host server maps client drives automatically upon conn -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -262,8 +256,7 @@ Controls whether passwords can be saved on this computer from Remote Desktop Con -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -324,8 +317,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -390,8 +382,7 @@ By default, Remote Desktop Services allows users to automatically log on by ente -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -457,8 +448,7 @@ If the status is set to Not Configured, unsecured communication is allowed. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 1025e2c4b0..1c99376bd4 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteManagement Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - RemoteManagement -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -123,8 +119,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -183,8 +178,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -243,8 +237,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -316,8 +309,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3. FFE:FFFF:7654: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -376,8 +368,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -436,8 +427,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -496,8 +486,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -556,8 +545,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -616,8 +604,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -678,8 +665,7 @@ If you enable and then disable this policy setting,any values that were previous -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -744,8 +730,7 @@ If HardeningLevel is set to None, all requests are accepted (though they are not -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -804,8 +789,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -868,8 +852,7 @@ A listener might be automatically created on port 80 to ensure backward compatib -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -932,8 +915,7 @@ A listener might be automatically created on port 443 to ensure backward compati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index fc904f741b..1661c9101c 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteProcedureCall Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - RemoteProcedureCall -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -76,8 +73,7 @@ This policy setting impacts all RPC applications. In a domain environment this p -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -140,8 +136,7 @@ This policy setting controls whether RPC clients authenticate with the Endpoint -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index f0153f08b7..c7a1cff498 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteShell Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - RemoteShell -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -63,8 +60,7 @@ If you set this policy to 'disabled', new remote shell connections are rejected -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -125,8 +121,7 @@ The value can be any number from 1 to 100. -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -186,8 +181,7 @@ Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 mi -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -247,8 +241,7 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -306,8 +299,7 @@ This policy setting configures the maximum number of processes a remote shell is -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -367,8 +359,7 @@ Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of s -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -422,8 +413,7 @@ This policy setting is deprecated and has no effect when set to any state: Enabl -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index dc4d67697d..badb2712d0 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -4,7 +4,7 @@ description: Learn more about the Search Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - Search -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index bec3edbcd6..92e2b28765 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -4,7 +4,7 @@ description: Learn more about the ServiceControlManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - ServiceControlManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -70,8 +67,7 @@ If you enable this policy, it adds code integrity guard (CIG) and arbitrary code -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md index c879d37038..6b07bd1695 100644 --- a/windows/client-management/mdm/policy-csp-settingssync.md +++ b/windows/client-management/mdm/policy-csp-settingssync.md @@ -4,7 +4,7 @@ description: Learn more about the SettingsSync Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,13 +16,9 @@ ms.topic: reference # Policy CSP - SettingsSync -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -68,8 +64,7 @@ If you do not set or disable this setting, syncing of the "accessibility" group -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -124,8 +119,7 @@ If you do not set or disable this setting, syncing of the "accessibility" group -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 040fb1fed2..2907090931 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2059,8 +2059,7 @@ To validate this policy, do the following steps: - -- If you enable this policy setting, you can configure Start menu to show or hide the list of user's most used apps, regardless of user settings. +If you enable this policy setting, you can configure Start menu to show or hide the list of user's most used apps, regardless of user settings. Selecting "Show" will force the "Most used" list to be shown, and user cannot change to hide it using the Settings app. @@ -2068,7 +2067,7 @@ Selecting "Hide" will force the "Most used" list to be hidden, and user cannot c Selecting "Not Configured", or if you disable or do not configure this policy setting, all will allow users to turn on or off the display of "Most used" list using the Settings app. This is default behavior. -**Note** configuring this policy to "Show" or "Hide" on supported versions of Windows 10 will supercede any policy setting of "Remove frequent programs list from the Start Menu" (which manages same part of Start menu but with fewer options). +Note configuring this policy to "Show" or "Hide" on supported versions of Windows 10 will supercede any policy setting of "Remove frequent programs list from the Start Menu" (which manages same part of Start menu but with fewer options). diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index bbf0efadb7..598a78f960 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -4,7 +4,7 @@ description: Learn more about the Storage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - Storage -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -539,8 +536,7 @@ This policy setting configures whether or not Windows will activate an Enhanced -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -679,8 +675,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -750,8 +745,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -821,8 +815,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -892,8 +885,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 3af6abb66f..6b4ab26843 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -4,7 +4,7 @@ description: Learn more about the System Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,13 +16,9 @@ ms.topic: reference # Policy CSP - System -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -684,7 +680,7 @@ By configuring this policy setting you can adjust what diagnostic data is collec If you disable or do not configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app. -**Note**: +Note: The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings. @@ -945,6 +941,7 @@ If you disable or do not configure this policy setting, devices enrolled to the This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: + - Good: The driver has been signed and has not been tampered with. - Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized. - Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver. @@ -971,8 +968,7 @@ If your malware detection application does not include an Early Launch Antimalwa -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1138,7 +1134,7 @@ If you set this policy setting to "Disable diagnostic data opt-in settings", dia If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app. -**Note**: +Note: To set a limit on the amount of diagnostic data that is sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting. @@ -1619,8 +1615,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -2048,7 +2043,7 @@ If you disable or do not configure this policy setting, diagnostic data collecti With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server. -- If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or do not configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration. +If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or do not configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration. The format for this setting is ``:`` diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index 96f488a077..6741a05f01 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -4,7 +4,7 @@ description: Learn more about the TenantRestrictions Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - TenantRestrictions -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -69,8 +66,7 @@ For details about setting up WDAC with tenant restrictions, see -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 7832fbfb73..d8aa0c4571 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -4,7 +4,7 @@ description: Learn more about the TextInput Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -429,7 +429,7 @@ Allows the Japanese user dictionary. Most restricted value is 0. -Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. Most restricted value is 0. + Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index a5d3afb700..64420bd95f 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - Update -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -1886,7 +1885,7 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo - If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. -**Note** that the PC must restart for certain updates to take effect. +Note that the PC must restart for certain updates to take effect. - If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. @@ -1895,7 +1894,7 @@ If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -**Note** that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. +Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -2012,7 +2011,7 @@ If you disable or do not configure this policy, the default max active hours ran - If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. -**Note** that the PC must restart for certain updates to take effect. +Note that the PC must restart for certain updates to take effect. - If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. @@ -2021,7 +2020,7 @@ If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -**Note** that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. +Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -2750,7 +2749,7 @@ Enable enterprises/IT admin to configure feature update uninstall period. This policy allows you to define what Windows Update notifications users see. This policy doesn't control how and when updates are downloaded and installed. -**Important** if you choose not to get update notifications and also define other Group policy so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. +Important if you choose not to get update notifications and also define other Group policy so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. If you select "Apply only during active hours" in conjunction with Option 1 or 2, then notifications will only be disabled during active hours. You can set active hours by setting "Turn off auto-restart for updates during active hours" or allow the device to set active hours based on user behavior. To ensure that the device stays secure, a notification will still be shown if this option is selected once "Specify deadlines for automatic updates and restarts" deadline has been reached if configured, regardless of active hours. @@ -3748,7 +3747,7 @@ These settings are designed for education devices that remain in carts overnight This policy allows you to define what Windows Update notifications users see. This policy doesn't control how and when updates are downloaded and installed. -**Important** if you choose not to get update notifications and also define other Group policy so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. +Important if you choose not to get update notifications and also define other Group policy so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. If you select "Apply only during active hours" in conjunction with Option 1 or 2, then notifications will only be disabled during active hours. You can set active hours by setting "Turn off auto-restart for updates during active hours" or allow the device to set active hours based on user behavior. To ensure that the device stays secure, a notification will still be shown if this option is selected once "Specify deadlines for automatic updates and restarts" deadline has been reached if configured, regardless of active hours. @@ -4335,7 +4334,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Deadline (days) | +| Element Name | Deadline (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -4405,7 +4404,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Deadline (days) | +| Element Name | Deadline (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -4475,7 +4474,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Snooze (days) | +| Element Name | Snooze (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -4545,7 +4544,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Snooze (days) | +| Element Name | Snooze (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -4615,7 +4614,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Transition (days) | +| Element Name | Transition (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -4685,7 +4684,7 @@ Enabling any of the following policies will override the above policy: |:--|:--| | Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | -| Element Name | Transition (days) | +| Element Name | Transition (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index d901a34a02..f5abeb78ce 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -4,7 +4,7 @@ description: Learn more about the UserRights Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - UserRights -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -173,10 +172,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts -This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. - -> [!NOTE] -> Remote Desktop Services was called Terminal Services in previous versions of Windows Server. +This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. @@ -1660,10 +1656,7 @@ This user right determines which users and groups can run maintenance tasks on a -This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. - -> [!NOTE] -> This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. +This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index d92837b542..6636dccdfb 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -4,7 +4,7 @@ description: Learn more about the WebThreatDefense Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # Policy CSP - WebThreatDefense -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index e538a7928c..ddbe42c056 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -4,7 +4,7 @@ description: Learn more about the Wifi Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -130,7 +130,7 @@ By default, ICS is disabled when you create a remote access connection, but admi > Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting. > [!NOTE] -> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box. +> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 3b51c6bc44..fe7ad2b015 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsConnectionManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - WindowsConnectionManager -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -71,8 +68,7 @@ Manual connection attempts -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index bbe80dfd19..fb3028ad8d 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderSecurityCenter Area in Policy C author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1035,6 +1035,7 @@ Enabled: Your company contact information will be displayed in notifications that come from Windows Security. After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: + -Specify contact phone number or Skype ID -Specify contact email number or email ID -Specify contact website @@ -1113,6 +1114,7 @@ Enabled: Your company contact information will be displayed in a flyout menu in Windows Security. After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: + -Specify contact phone number or Skype ID -Specify contact email number or email ID -Specify contact website diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 3969e76da3..b6368f9893 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsLogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,13 +16,9 @@ ms.topic: reference # Policy CSP - WindowsLogon -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] @@ -72,8 +68,7 @@ After enabling this policy, you can configure its settings through the ConfigAut -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -117,6 +112,7 @@ This policy setting controls the configuration under which an automatic restart 1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. BitLocker is suspended during updates if: + - The device doesn't have TPM 2.0 and PCR7, or - The device doesn't use a TPM-only protector @@ -139,8 +135,7 @@ BitLocker is suspended during updates if: -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -198,8 +193,7 @@ This policy setting allows you to prevent app notifications from appearing on th -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -258,8 +252,7 @@ This policy setting allows you to control whether anyone can interact with avail -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -416,8 +409,7 @@ This policy controls the configuration under which winlogon sends MPR notificati -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -476,8 +468,7 @@ This policy setting allows local users to be enumerated on domain-joined compute -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 982bf3c027..e8f69c71f2 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsPowerShell Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,10 +16,7 @@ ms.topic: reference # Policy CSP - WindowsPowerShell -> [!TIP] -> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] @@ -74,8 +71,7 @@ starts or stops. Enabling Invocation Logging generates a high volume of event lo -> [!TIP] -> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 9dcfc90191..9113c5049b 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsSandbox Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,7 +45,7 @@ This policy setting enables or disables audio input to the Sandbox. - If you do not configure this policy setting, audio input will be enabled. -**Note** that there may be security implications of exposing host audio input to the container. +Note that there may be security implications of exposing host audio input to the container. @@ -173,7 +173,7 @@ This policy setting enables or disables networking in the sandbox. You can disab - If you do not configure this policy setting, networking will be enabled. -**Note** that enabling networking can expose untrusted applications to the internal network. +Note that enabling networking can expose untrusted applications to the internal network. @@ -301,7 +301,7 @@ This policy setting is to enable or disable the virtualized GPU. - If you do not configure this policy setting, vGPU will be enabled. -**Note** that enabling virtualized GPU can potentially increase the attack surface of the sandbox. +Note that enabling virtualized GPU can potentially increase the attack surface of the sandbox. @@ -366,7 +366,7 @@ This policy setting enables or disables video input to the Sandbox. - If you do not configure this policy setting, video input will be disabled. Applications that use video input may not function properly in Windows Sandbox. -**Note** that there may be security implications of exposing host video input to the container. +Note that there may be security implications of exposing host video input to the container. diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md index ff490d38c4..8a3d772e6f 100644 --- a/windows/client-management/mdm/printerprovisioning-csp.md +++ b/windows/client-management/mdm/printerprovisioning-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PrinterProvisioning CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -89,7 +89,7 @@ This setting will take the action on the specified user account to install or un -Identifies the Universal Print printer, by its Share ID, you wish to install on the targeted user account. The printer's Share ID can be found in the printer's properties via the Universal Print portal. **Note** the targeted user account must have access rights to both the printer and to the Universal Print service. +Identifies the Universal Print printer, by its Share ID, you wish to install on the targeted user account. The printer's Share ID can be found in the printer's properties via the Universal Print portal. Note the targeted user account must have access rights to both the printer and to the Universal Print service. @@ -129,7 +129,7 @@ Identifies the Universal Print printer, by its Share ID, you wish to install on -Identifies the Universal Print printer, by its Printer ID, you wish to install on the targeted user account. The printer's Printer ID can be found in the printer's properties via the Universal Print portal. **Note** the targeted user account must have access rights to both the printer and to the Universal Print service. +Identifies the Universal Print printer, by its Printer ID, you wish to install on the targeted user account. The printer's Printer ID can be found in the printer's properties via the Universal Print portal. Note the targeted user account must have access rights to both the printer and to the Universal Print service. @@ -246,7 +246,7 @@ Support async execute. Install Universal Print printer. -Identifies the Universal Print printer, by its Share Name, you wish to install on the targeted user account. The printer's Share Name can be found in the printer's properties via the Universal Print portal. **Note** the targeted user account must have access rights to both the printer and to the Universal Print service. +Identifies the Universal Print printer, by its Share Name, you wish to install on the targeted user account. The printer's Share Name can be found in the printer's properties via the Universal Print portal. Note the targeted user account must have access rights to both the printer and to the Universal Print service. diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index ddfda20a6b..7abf6ccc77 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -4,7 +4,7 @@ description: Learn more about the SUPL CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -392,7 +392,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob -This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether the location toggle on the location screen in Settings is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. **Note** that most clients do not support this behavior. This value manages the settings for both SUPL and v2 UPL. If a phone is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. +This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether the location toggle on the location screen in Settings is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. Note that most clients do not support this behavior. This value manages the settings for both SUPL and v2 UPL. If a phone is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 46e9609e96..0f7ea67116 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -4,7 +4,7 @@ description: Learn more about the SurfaceHub CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/27/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,7 @@ ms.topic: reference # SurfaceHub CSP -> [!IMPORTANT] -> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 84b7a6c4ec..dadf9c0cbd 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -870,8 +870,8 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False : Do not Bypass for Local traffic -True : ByPass VPN Interface for Local Traffic +False: Do not Bypass for Local traffic +True: ByPass VPN Interface for Local Traffic Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -5148,8 +5148,8 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False : Do not Bypass for Local traffic -True : ByPass VPN Interface for Local Traffic +False: Do not Bypass for Local traffic +True: ByPass VPN Interface for Local Traffic Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -7906,8 +7906,8 @@ Boolean value (true or false) for caching credentials. Applicable only to AppContainer profiles. -False : Do not show profile in Settings UI. -True : Show profile in Settings UI. +False: Do not show profile in Settings UI. +True: Show profile in Settings UI. Optional. This node is only relevant for AppContainer profiles (i.e. using the VpnManagementAgent::AddProfileFromXmlAsync method). From 061e59cbfef4ec1c599018b36c0228b50c48383e Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 10 May 2023 17:59:45 -0400 Subject: [PATCH 116/258] =?UTF-8?q?Change=20=E2=9C=94=EF=B8=8F=20to=20?= =?UTF-8?q?=E2=9C=85,=20remove=20Home=20edition,=20codeblock=20chr?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mdm/Language-pack-management-csp.md | 52 +- .../client-management/mdm/activesync-csp.md | 106 +- .../mdm/applicationcontrol-csp.md | 74 +- .../client-management/mdm/applocker-csp.md | 174 +-- .../mdm/assignedaccess-csp.md | 22 +- .../client-management/mdm/bitlocker-csp.md | 120 +- .../mdm/certificatestore-csp.md | 300 ++--- .../mdm/clientcertificateinstall-csp.md | 296 ++--- windows/client-management/mdm/defender-csp.md | 338 +++--- .../client-management/mdm/devdetail-csp.md | 142 +-- .../mdm/devicemanageability-csp.md | 30 +- .../mdm/devicepreparation-csp.md | 40 +- .../client-management/mdm/devicestatus-csp.md | 202 ++-- windows/client-management/mdm/devinfo-csp.md | 30 +- .../mdm/diagnosticlog-csp.md | 154 +-- windows/client-management/mdm/dmacc-csp.md | 140 +-- windows/client-management/mdm/dmclient-csp.md | 428 +++---- windows/client-management/mdm/email2-csp.md | 134 +-- .../mdm/enterprisedesktopappmanagement-csp.md | 106 +- .../mdm/enterprisemodernappmanagement-csp.md | 890 +++++++------- windows/client-management/mdm/euiccs-csp.md | 98 +- windows/client-management/mdm/firewall-csp.md | 544 ++++----- .../mdm/healthattestation-csp.md | 62 +- windows/client-management/mdm/laps-csp.md | 60 +- .../client-management/mdm/networkproxy-csp.md | 30 +- .../mdm/networkqospolicy-csp.md | 34 +- .../client-management/mdm/nodecache-csp.md | 74 +- windows/client-management/mdm/office-csp.md | 50 +- .../mdm/passportforwork-csp.md | 200 ++-- .../mdm/personaldataencryption-csp.md | 14 +- .../mdm/personalization-csp.md | 18 +- .../policy-configuration-service-provider.md | 84 +- .../mdm/policy-csp-abovelock.md | 14 +- .../mdm/policy-csp-accounts.md | 22 +- .../mdm/policy-csp-activexcontrols.md | 4 +- .../policy-csp-admx-activexinstallservice.md | 4 +- .../mdm/policy-csp-admx-addremoveprograms.md | 44 +- .../mdm/policy-csp-admx-admpwd.md | 16 +- .../mdm/policy-csp-admx-appcompat.md | 36 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 4 +- .../mdm/policy-csp-admx-appxruntime.md | 16 +- .../mdm/policy-csp-admx-attachmentmanager.md | 20 +- .../mdm/policy-csp-admx-auditsettings.md | 4 +- .../mdm/policy-csp-admx-bits.md | 56 +- .../mdm/policy-csp-admx-ciphersuiteorder.md | 8 +- .../mdm/policy-csp-admx-com.md | 8 +- .../mdm/policy-csp-admx-controlpanel.md | 16 +- .../policy-csp-admx-controlpaneldisplay.md | 96 +- .../mdm/policy-csp-admx-cpls.md | 4 +- .../policy-csp-admx-credentialproviders.md | 12 +- .../mdm/policy-csp-admx-credssp.md | 44 +- .../mdm/policy-csp-admx-credui.md | 8 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 16 +- .../mdm/policy-csp-admx-datacollection.md | 4 +- .../mdm/policy-csp-admx-dcom.md | 8 +- .../mdm/policy-csp-admx-desktop.md | 116 +- .../mdm/policy-csp-admx-devicecompat.md | 8 +- .../mdm/policy-csp-admx-deviceguard.md | 4 +- .../mdm/policy-csp-admx-deviceinstallation.md | 32 +- .../mdm/policy-csp-admx-devicesetup.md | 8 +- .../mdm/policy-csp-admx-dfs.md | 4 +- .../mdm/policy-csp-admx-digitallocker.md | 8 +- .../mdm/policy-csp-admx-diskdiagnostic.md | 8 +- .../mdm/policy-csp-admx-disknvcache.md | 16 +- .../mdm/policy-csp-admx-diskquota.md | 24 +- ...policy-csp-admx-distributedlinktracking.md | 4 +- .../mdm/policy-csp-admx-dnsclient.md | 88 +- .../mdm/policy-csp-admx-dwm.md | 24 +- .../mdm/policy-csp-admx-eaime.md | 48 +- .../mdm/policy-csp-admx-encryptfilesonmove.md | 4 +- .../mdm/policy-csp-admx-enhancedstorage.md | 24 +- .../mdm/policy-csp-admx-errorreporting.md | 116 +- .../mdm/policy-csp-admx-eventforwarding.md | 8 +- .../mdm/policy-csp-admx-eventlog.md | 84 +- .../mdm/policy-csp-admx-eventlogging.md | 4 +- .../mdm/policy-csp-admx-eventviewer.md | 12 +- .../mdm/policy-csp-admx-explorer.md | 20 +- .../mdm/policy-csp-admx-externalboot.md | 12 +- .../mdm/policy-csp-admx-filerecovery.md | 4 +- .../mdm/policy-csp-admx-filerevocation.md | 4 +- .../policy-csp-admx-fileservervssprovider.md | 4 +- .../mdm/policy-csp-admx-filesys.md | 32 +- .../mdm/policy-csp-admx-folderredirection.md | 28 +- .../mdm/policy-csp-admx-framepanes.md | 8 +- .../mdm/policy-csp-admx-fthsvc.md | 4 +- .../mdm/policy-csp-admx-globalization.md | 96 +- .../mdm/policy-csp-admx-grouppolicy.md | 172 +-- .../mdm/policy-csp-admx-help.md | 16 +- .../mdm/policy-csp-admx-helpandsupport.md | 16 +- .../mdm/policy-csp-admx-hotspotauth.md | 4 +- .../mdm/policy-csp-admx-icm.md | 104 +- .../mdm/policy-csp-admx-iis.md | 4 +- .../mdm/policy-csp-admx-iscsi.md | 40 +- .../mdm/policy-csp-admx-kdc.md | 24 +- .../mdm/policy-csp-admx-kerberos.md | 32 +- .../mdm/policy-csp-admx-lanmanserver.md | 16 +- .../mdm/policy-csp-admx-lanmanworkstation.md | 12 +- .../mdm/policy-csp-admx-leakdiagnostic.md | 4 +- ...icy-csp-admx-linklayertopologydiscovery.md | 8 +- .../policy-csp-admx-locationprovideradm.md | 4 +- .../mdm/policy-csp-admx-logon.md | 60 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 372 +++--- .../mdm/policy-csp-admx-mmc.md | 20 +- .../mdm/policy-csp-admx-mmcsnapins.md | 416 +++---- .../policy-csp-admx-mobilepcmobilitycenter.md | 8 +- ...y-csp-admx-mobilepcpresentationsettings.md | 8 +- .../mdm/policy-csp-admx-msapolicy.md | 4 +- .../mdm/policy-csp-admx-msched.md | 8 +- .../mdm/policy-csp-admx-msdt.md | 12 +- .../mdm/policy-csp-admx-msi.md | 96 +- .../mdm/policy-csp-admx-msifilerecovery.md | 4 +- .../mdm/policy-csp-admx-mss-legacy.md | 72 +- .../mdm/policy-csp-admx-nca.md | 32 +- .../mdm/policy-csp-admx-ncsi.md | 28 +- .../mdm/policy-csp-admx-netlogon.md | 140 +-- .../mdm/policy-csp-admx-networkconnections.md | 108 +- .../mdm/policy-csp-admx-offlinefiles.md | 184 +-- .../mdm/policy-csp-admx-pca.md | 28 +- .../mdm/policy-csp-admx-peertopeercaching.md | 36 +- .../mdm/policy-csp-admx-pentraining.md | 8 +- .../policy-csp-admx-performancediagnostics.md | 16 +- .../mdm/policy-csp-admx-power.md | 100 +- ...licy-csp-admx-powershellexecutionpolicy.md | 16 +- .../mdm/policy-csp-admx-previousversions.md | 48 +- .../mdm/policy-csp-admx-printing.md | 104 +- .../mdm/policy-csp-admx-printing2.md | 36 +- .../mdm/policy-csp-admx-programs.md | 28 +- .../mdm/policy-csp-admx-pushtoinstall.md | 4 +- .../mdm/policy-csp-admx-qos.md | 76 +- .../mdm/policy-csp-admx-radar.md | 4 +- .../mdm/policy-csp-admx-reliability.md | 16 +- .../mdm/policy-csp-admx-remoteassistance.md | 8 +- .../mdm/policy-csp-admx-removablestorage.md | 128 +- .../mdm/policy-csp-admx-rpc.md | 16 +- .../mdm/policy-csp-admx-sam.md | 4 +- .../mdm/policy-csp-admx-scripts.md | 48 +- .../mdm/policy-csp-admx-sdiageng.md | 12 +- .../mdm/policy-csp-admx-sdiagschd.md | 4 +- .../mdm/policy-csp-admx-securitycenter.md | 4 +- .../mdm/policy-csp-admx-sensors.md | 20 +- .../mdm/policy-csp-admx-servermanager.md | 16 +- .../mdm/policy-csp-admx-servicing.md | 4 +- .../mdm/policy-csp-admx-settingsync.md | 36 +- .../mdm/policy-csp-admx-sharedfolders.md | 8 +- .../mdm/policy-csp-admx-sharing.md | 8 +- ...csp-admx-shellcommandpromptregedittools.md | 16 +- .../mdm/policy-csp-admx-smartcard.md | 64 +- .../mdm/policy-csp-admx-snmp.md | 12 +- .../mdm/policy-csp-admx-soundrec.md | 8 +- .../mdm/policy-csp-admx-srmfci.md | 16 +- .../mdm/policy-csp-admx-startmenu.md | 268 ++--- .../mdm/policy-csp-admx-systemrestore.md | 4 +- .../mdm/policy-csp-admx-tabletpcinputpanel.md | 64 +- .../mdm/policy-csp-admx-tabletshell.md | 88 +- .../mdm/policy-csp-admx-taskbar.md | 88 +- .../mdm/policy-csp-admx-tcpip.md | 52 +- .../mdm/policy-csp-admx-terminalserver.md | 360 +++--- .../mdm/policy-csp-admx-thumbnails.md | 12 +- .../mdm/policy-csp-admx-touchinput.md | 16 +- .../mdm/policy-csp-admx-tpm.md | 40 +- ...y-csp-admx-userexperiencevirtualization.md | 504 ++++---- .../mdm/policy-csp-admx-userprofiles.md | 32 +- .../mdm/policy-csp-admx-w32time.md | 16 +- .../mdm/policy-csp-admx-wcm.md | 12 +- .../mdm/policy-csp-admx-wdi.md | 8 +- .../mdm/policy-csp-admx-wincal.md | 8 +- .../mdm/policy-csp-admx-windowscolorsystem.md | 8 +- .../mdm/policy-csp-admx-windowsconnectnow.md | 12 +- .../mdm/policy-csp-admx-windowsexplorer.md | 284 ++--- .../mdm/policy-csp-admx-windowsmediadrm.md | 4 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 84 +- ...policy-csp-admx-windowsremotemanagement.md | 8 +- .../mdm/policy-csp-admx-windowsstore.md | 20 +- .../mdm/policy-csp-admx-wininit.md | 12 +- .../mdm/policy-csp-admx-winlogon.md | 24 +- .../mdm/policy-csp-admx-winsrv.md | 4 +- .../mdm/policy-csp-admx-wlansvc.md | 12 +- .../mdm/policy-csp-admx-wordwheel.md | 4 +- .../mdm/policy-csp-admx-workfoldersclient.md | 12 +- .../mdm/policy-csp-admx-wpn.md | 24 +- .../mdm/policy-csp-applicationdefaults.md | 10 +- .../mdm/policy-csp-applicationmanagement.md | 68 +- .../mdm/policy-csp-appruntime.md | 4 +- .../mdm/policy-csp-appvirtualization.md | 112 +- .../mdm/policy-csp-attachmentmanager.md | 12 +- .../client-management/mdm/policy-csp-audit.md | 236 ++-- .../mdm/policy-csp-authentication.md | 40 +- .../mdm/policy-csp-autoplay.md | 12 +- .../mdm/policy-csp-bitlocker.md | 6 +- .../client-management/mdm/policy-csp-bits.md | 24 +- .../mdm/policy-csp-bluetooth.md | 30 +- .../mdm/policy-csp-browser.md | 228 ++-- .../mdm/policy-csp-camera.md | 6 +- .../mdm/policy-csp-cellular.md | 20 +- .../mdm/policy-csp-clouddesktop.md | 4 +- .../mdm/policy-csp-connectivity.md | 60 +- .../mdm/policy-csp-controlpolicyconflict.md | 6 +- .../mdm/policy-csp-credentialproviders.md | 12 +- .../mdm/policy-csp-credentialsdelegation.md | 4 +- .../mdm/policy-csp-credentialsui.md | 8 +- .../mdm/policy-csp-cryptography.md | 10 +- .../mdm/policy-csp-dataprotection.md | 10 +- .../mdm/policy-csp-datausage.md | 8 +- .../mdm/policy-csp-defender.md | 168 +-- .../mdm/policy-csp-deliveryoptimization.md | 116 +- .../mdm/policy-csp-desktop.md | 4 +- .../mdm/policy-csp-desktopappinstaller.md | 52 +- .../mdm/policy-csp-deviceguard.md | 18 +- .../mdm/policy-csp-devicehealthmonitoring.md | 18 +- .../mdm/policy-csp-deviceinstallation.md | 36 +- .../mdm/policy-csp-devicelock.md | 96 +- .../mdm/policy-csp-display.md | 22 +- .../mdm/policy-csp-dmaguard.md | 4 +- .../client-management/mdm/policy-csp-eap.md | 6 +- .../mdm/policy-csp-education.md | 26 +- .../mdm/policy-csp-enterprisecloudprint.md | 26 +- .../mdm/policy-csp-errorreporting.md | 20 +- .../mdm/policy-csp-eventlogservice.md | 16 +- .../mdm/policy-csp-experience.md | 128 +- .../mdm/policy-csp-exploitguard.md | 6 +- .../mdm/policy-csp-federatedauthentication.md | 6 +- .../mdm/policy-csp-fileexplorer.md | 28 +- .../client-management/mdm/policy-csp-games.md | 6 +- .../mdm/policy-csp-handwriting.md | 6 +- .../mdm/policy-csp-humanpresence.md | 32 +- .../mdm/policy-csp-internetexplorer.md | 1044 ++++++++--------- .../mdm/policy-csp-kerberos.md | 48 +- .../mdm/policy-csp-kioskbrowser.md | 30 +- .../mdm/policy-csp-lanmanworkstation.md | 6 +- .../mdm/policy-csp-licensing.md | 8 +- ...policy-csp-localpoliciessecurityoptions.md | 204 ++-- .../mdm/policy-csp-localusersandgroups.md | 6 +- .../mdm/policy-csp-lockdown.md | 6 +- .../client-management/mdm/policy-csp-lsa.md | 8 +- .../client-management/mdm/policy-csp-maps.md | 10 +- .../mdm/policy-csp-memorydump.md | 10 +- .../mdm/policy-csp-messaging.md | 14 +- .../mdm/policy-csp-mixedreality.md | 76 +- .../mdm/policy-csp-mssecurityguide.md | 24 +- .../mdm/policy-csp-msslegacy.md | 16 +- .../mdm/policy-csp-multitasking.md | 6 +- .../mdm/policy-csp-networkisolation.md | 34 +- .../mdm/policy-csp-networklistmanager.md | 10 +- .../mdm/policy-csp-newsandinterests.md | 6 +- .../mdm/policy-csp-notifications.md | 22 +- .../client-management/mdm/policy-csp-power.md | 92 +- .../mdm/policy-csp-printers.md | 68 +- .../mdm/policy-csp-privacy.md | 410 +++---- .../mdm/policy-csp-remoteassistance.md | 16 +- .../mdm/policy-csp-remotedesktop.md | 10 +- .../mdm/policy-csp-remotedesktopservices.md | 28 +- .../mdm/policy-csp-remotemanagement.md | 60 +- .../mdm/policy-csp-remoteprocedurecall.md | 8 +- .../mdm/policy-csp-remoteshell.md | 28 +- .../mdm/policy-csp-restrictedgroups.md | 6 +- .../mdm/policy-csp-search.md | 72 +- .../mdm/policy-csp-security.md | 46 +- .../mdm/policy-csp-servicecontrolmanager.md | 4 +- .../mdm/policy-csp-settings.md | 58 +- .../mdm/policy-csp-settingssync.md | 8 +- .../mdm/policy-csp-smartscreen.md | 14 +- .../mdm/policy-csp-speech.md | 6 +- .../client-management/mdm/policy-csp-start.md | 152 +-- .../mdm/policy-csp-stickers.md | 6 +- .../mdm/policy-csp-storage.md | 52 +- .../mdm/policy-csp-system.md | 132 +-- .../mdm/policy-csp-systemservices.md | 26 +- .../mdm/policy-csp-taskmanager.md | 6 +- .../mdm/policy-csp-taskscheduler.md | 6 +- .../mdm/policy-csp-tenantdefinedtelemetry.md | 6 +- .../mdm/policy-csp-tenantrestrictions.md | 4 +- .../mdm/policy-csp-textinput.md | 112 +- .../mdm/policy-csp-timelanguagesettings.md | 22 +- .../mdm/policy-csp-troubleshooting.md | 6 +- .../mdm/policy-csp-update.md | 296 ++--- .../mdm/policy-csp-userrights.md | 156 +-- ...olicy-csp-virtualizationbasedtechnology.md | 10 +- .../mdm/policy-csp-webthreatdefense.md | 20 +- .../client-management/mdm/policy-csp-wifi.md | 32 +- .../mdm/policy-csp-windowsautopilot.md | 6 +- .../policy-csp-windowsconnectionmanager.md | 4 +- ...olicy-csp-windowsdefendersecuritycenter.md | 88 +- .../mdm/policy-csp-windowsinkworkspace.md | 10 +- .../mdm/policy-csp-windowslogon.md | 36 +- .../mdm/policy-csp-windowspowershell.md | 4 +- .../mdm/policy-csp-windowssandbox.md | 24 +- .../mdm/policy-csp-wirelessdisplay.md | 46 +- .../mdm/printerprovisioning-csp.md | 28 +- windows/client-management/mdm/reboot-csp.md | 22 +- .../client-management/mdm/remotewipe-csp.md | 46 +- .../mdm/rootcacertificates-csp.md | 354 +++--- windows/client-management/mdm/sharedpc-csp.md | 74 +- windows/client-management/mdm/supl-csp.md | 152 +-- .../client-management/mdm/surfacehub-csp.md | 236 ++-- windows/client-management/mdm/vpnv2-csp.md | 808 ++++++------- windows/client-management/mdm/wifi-csp.md | 66 +- .../windowsdefenderapplicationguard-csp.md | 66 +- .../mdm/windowslicensing-csp.md | 106 +- .../client-management/mdm/wirednetwork-csp.md | 18 +- 299 files changed, 9480 insertions(+), 9480 deletions(-) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index 9daeb51cec..d8723cac5f 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -48,7 +48,7 @@ The following list shows the LanguagePackManagement configuration service provid | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -71,7 +71,7 @@ Language to be installed or being installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -87,7 +87,7 @@ Language to be installed or being installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -110,7 +110,7 @@ Language tag of the language to be installed or being installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Language tag of the language to be installed or being installed. | @@ -127,7 +127,7 @@ Language tag of the language to be installed or being installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -150,7 +150,7 @@ Copies the language to the international settings (i.e., locale, input layout, s | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -176,7 +176,7 @@ Copies the language to the international settings (i.e., locale, input layout, s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -199,7 +199,7 @@ Enables installations of all available language features when the value is true. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | @@ -225,7 +225,7 @@ Enables installations of all available language features when the value is true. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -248,7 +248,7 @@ Error code of queued language installation. 0 if there is no error. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -264,7 +264,7 @@ Error code of queued language installation. 0 if there is no error. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -287,7 +287,7 @@ Execution node to queue a language for installation on the device. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -303,7 +303,7 @@ Execution node to queue a language for installation on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -326,7 +326,7 @@ Status of the language queued for install. 0 - not started; 1 - in progress; 2 - | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -342,7 +342,7 @@ Status of the language queued for install. 0 - not started; 1 - in progress; 2 - | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -365,7 +365,7 @@ Languages currently installed on the device. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -381,7 +381,7 @@ Languages currently installed on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -404,7 +404,7 @@ Language tag of an installed language on the device. Delete to uninstall. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -421,7 +421,7 @@ Language tag of an installed language on the device. Delete to uninstall. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -444,7 +444,7 @@ Numeric representation of the language features installed. Basic Typing - 1 (0x1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -460,7 +460,7 @@ Numeric representation of the language features installed. Basic Typing - 1 (0x1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -483,7 +483,7 @@ Numeric representation of how a language is installed. 1 - The system language p | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -499,7 +499,7 @@ Numeric representation of how a language is installed. 1 - The system language p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -522,7 +522,7 @@ Language settings of the device. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -538,7 +538,7 @@ Language settings of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] | @@ -561,7 +561,7 @@ System Preferred UI Language of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index beefa0c052..2ddd6377b1 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -4,7 +4,7 @@ description: Learn more about the ActiveSync CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -64,7 +64,7 @@ The following list shows the ActiveSync configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -87,7 +87,7 @@ The parent node group all active sync accounts. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -103,7 +103,7 @@ The parent node group all active sync accounts. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -127,7 +127,7 @@ When managing over OMA DM, make sure to always use a unique GUID. Provisioning w | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -162,7 +162,7 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -186,7 +186,7 @@ The account icon can be used as a tile in the Start list or an icon in the appli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -202,7 +202,7 @@ The account icon can be used as a tile in the Start list or an icon in the appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -225,7 +225,7 @@ The name that refers to the account on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -241,7 +241,7 @@ The name that refers to the account on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -264,7 +264,7 @@ Specify the account type. This value is entered during setup and cannot be modif | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ Specify the account type. This value is entered during setup and cannot be modif | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -303,7 +303,7 @@ Domain name of the Exchange server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -319,7 +319,7 @@ Domain name of the Exchange server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -343,7 +343,7 @@ This email address is entered by the user during setup and must be in the fully | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -359,7 +359,7 @@ This email address is entered by the user during setup and must be in the fully | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -382,7 +382,7 @@ Specifies whether email, contacts, and calendar need to synchronize by default, | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -398,7 +398,7 @@ Specifies whether email, contacts, and calendar need to synchronize by default, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -421,7 +421,7 @@ Specifies the time window used for syncing calendar items to the phone. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -437,7 +437,7 @@ Specifies the time window used for syncing calendar items to the phone. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -460,7 +460,7 @@ Interior node for Content Types. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -476,7 +476,7 @@ Interior node for Content Types. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -499,7 +499,7 @@ Enables or disables syncing email, contacts, task, and calendar. Each is represe | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: The GUID values allowed are one of the following: Email: "{c6d47067-6e92-480e-b0fc-4ba82182fac7}". Contacts: "{0dd8685c-e272-4fcb-9ecf-2ead7ea2497b}". Calendar: "{4a5d9fe0-f139-4a63-a5a4-4f31ceea02ad}". Tasks: "{783ae4f6-4c12-4423-8270-66361260d4f1}". | @@ -516,7 +516,7 @@ Enables or disables syncing email, contacts, task, and calendar. Each is represe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -539,7 +539,7 @@ Enables or disables Sync for Email, contacts, calendar, and Tasks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -565,7 +565,7 @@ Enables or disables Sync for Email, contacts, calendar, and Tasks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -588,7 +588,7 @@ The name of the content type. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -604,7 +604,7 @@ The name of the content type. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -627,7 +627,7 @@ Specifies whether diagnostic logging is enabled and at what level. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -654,7 +654,7 @@ Specifies whether diagnostic logging is enabled and at what level. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -677,7 +677,7 @@ Specifies the time window used for syncing email items to the phone. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -708,7 +708,7 @@ Specifies the time window used for syncing email items to the phone. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -731,7 +731,7 @@ Indicates format type of the Email. Supported values are 0 (none), 1 (text), 2 ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -759,7 +759,7 @@ Indicates format type of the Email. Supported values are 0 (none), 1 (text), 2 ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -782,7 +782,7 @@ This setting specifies the size beyond which HTML-formatted e-mail messages are | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -798,7 +798,7 @@ This setting specifies the size beyond which HTML-formatted e-mail messages are | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -821,7 +821,7 @@ This setting specifies the size beyond which text-formatted e-mail messages are | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -837,7 +837,7 @@ This setting specifies the size beyond which text-formatted e-mail messages are | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -860,7 +860,7 @@ Specifies the time until the next sync is performed in minutes. If -1 is chosen, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[(-1)-4294967295]` | | Default Value | -1 | @@ -878,7 +878,7 @@ Specifies the time until the next sync is performed in minutes. If -1 is chosen, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -901,7 +901,7 @@ Specifies whether SSL is used. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -927,7 +927,7 @@ Specifies whether SSL is used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -950,7 +950,7 @@ A character string that specifies the password for the account. For the Get comm | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -966,7 +966,7 @@ A character string that specifies the password for the account. For the Get comm | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -989,7 +989,7 @@ Specifies the mail body type and email age filter. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1005,7 +1005,7 @@ Specifies the mail body type and email age filter. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1028,7 +1028,7 @@ Specifies the email body type. HTML or plain. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1053,7 +1053,7 @@ Specifies the email body type. HTML or plain. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1076,7 +1076,7 @@ Specifies the time window used for syncing mail items to the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1092,7 +1092,7 @@ Specifies the time window used for syncing mail items to the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1115,7 +1115,7 @@ Specifies the server name used by the account. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1131,7 +1131,7 @@ Specifies the server name used by the account. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1154,7 +1154,7 @@ Specifies the user name for the account. The user name cannot be changed after a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index f500aff927..24af4a6e2c 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationControl CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -53,7 +53,7 @@ The following list shows the ApplicationControl configuration service provider n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -77,7 +77,7 @@ Each policy is identified by their globally unique identifier (GUID). | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -93,7 +93,7 @@ Each policy is identified by their globally unique identifier (GUID). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -117,7 +117,7 @@ Each Policy GUID node contains a Policy node and a corresponding PolicyInfo node | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | UniqueName: The ApplicationControl CSP enforces that the "ID" segment of a given policy URI is the same GUID as the policy ID in the policy blob. | @@ -134,7 +134,7 @@ Each Policy GUID node contains a Policy node and a corresponding PolicyInfo node | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -158,7 +158,7 @@ Default value is empty. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Delete, Get, Replace | @@ -174,7 +174,7 @@ Default value is empty. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -197,7 +197,7 @@ Information Describing the Policy indicated by the GUID. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -213,7 +213,7 @@ Information Describing the Policy indicated by the GUID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -236,7 +236,7 @@ The FriendlyName of the Policy Indicated by the Policy GUID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -252,7 +252,7 @@ The FriendlyName of the Policy Indicated by the Policy GUID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -279,7 +279,7 @@ Supported values are as follows: | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -295,7 +295,7 @@ Supported values are as follows: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -318,7 +318,7 @@ TRUE/FALSE if the Policy is a Base Policy versus a Supplemental Policy. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -334,7 +334,7 @@ TRUE/FALSE if the Policy is a Base Policy versus a Supplemental Policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -361,7 +361,7 @@ Supported values are as follows: | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -377,7 +377,7 @@ Supported values are as follows: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -404,7 +404,7 @@ Supported values are as follows: | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -420,7 +420,7 @@ Supported values are as follows: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -443,7 +443,7 @@ TRUE/FALSE if the Policy is a System Policy, that is a policy managed by Microso | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -459,7 +459,7 @@ TRUE/FALSE if the Policy is a System Policy, that is a policy managed by Microso | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -483,7 +483,7 @@ Default value is 0, which indicates that the policy status is `OK`. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -499,7 +499,7 @@ Default value is 0, which indicates that the policy status is `OK`. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -522,7 +522,7 @@ Version of the Policy indicated by the GUID, as a string. When parsing use a uin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -538,7 +538,7 @@ Version of the Policy indicated by the GUID, as a string. When parsing use a uin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -561,7 +561,7 @@ Beginning of a Subtree that contains all tokens. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -577,7 +577,7 @@ Beginning of a Subtree that contains all tokens. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -600,7 +600,7 @@ Arbitrary ID used to differentiate tokens. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | UniqueName: The ApplicationControl CSP enforces that the "ID" segment of a given token URI is unique. | @@ -617,7 +617,7 @@ Arbitrary ID used to differentiate tokens. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -640,7 +640,7 @@ The token binary encoded as base64. Supported value is a binary file, obtained f | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Delete, Get, Replace | @@ -656,7 +656,7 @@ The token binary encoded as base64. Supported value is a binary file, obtained f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -679,7 +679,7 @@ Information Describing the Token indicated by the corresponding ID. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -695,7 +695,7 @@ Information Describing the Token indicated by the corresponding ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -718,7 +718,7 @@ The Current Status of the Token Indicated by the Token ID. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -734,7 +734,7 @@ The Current Status of the Token Indicated by the Token ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -757,7 +757,7 @@ The Type of Token Indicated by the Token ID. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index bfc85fbfa9..8d475b120c 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -4,7 +4,7 @@ description: Learn more about the AppLocker CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -76,7 +76,7 @@ The following list shows the AppLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -106,7 +106,7 @@ Defines restrictions for applications. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -122,7 +122,7 @@ Defines restrictions for applications. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -145,7 +145,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -162,7 +162,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -184,7 +184,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -200,7 +200,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -225,7 +225,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | @@ -242,7 +242,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -265,7 +265,7 @@ Defines restrictions for processing DLL files. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ Defines restrictions for processing DLL files. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -304,7 +304,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -320,7 +320,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -342,7 +342,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -358,7 +358,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -381,7 +381,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -399,7 +399,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -422,7 +422,7 @@ Defines restrictions for launching executable applications. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -438,7 +438,7 @@ Defines restrictions for launching executable applications. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -461,7 +461,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -477,7 +477,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -499,7 +499,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -515,7 +515,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -538,7 +538,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -556,7 +556,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -579,7 +579,7 @@ Defines restrictions for executing Windows Installer files. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -595,7 +595,7 @@ Defines restrictions for executing Windows Installer files. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -618,7 +618,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -634,7 +634,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -657,7 +657,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -675,7 +675,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -698,7 +698,7 @@ Defines restrictions for running scripts. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -714,7 +714,7 @@ Defines restrictions for running scripts. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -737,7 +737,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -753,7 +753,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -776,7 +776,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -794,7 +794,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -817,7 +817,7 @@ Defines restrictions for running apps from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -833,7 +833,7 @@ Defines restrictions for running apps from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -856,7 +856,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -872,7 +872,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -895,7 +895,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -913,7 +913,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -956,7 +956,7 @@ Additional information: | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -972,7 +972,7 @@ Additional information: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -995,7 +995,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1012,7 +1012,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1035,7 +1035,7 @@ Defines restrictions for launching executable applications. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1051,7 +1051,7 @@ Defines restrictions for launching executable applications. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1074,7 +1074,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -1092,7 +1092,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1115,7 +1115,7 @@ Defines restrictions for running apps from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1131,7 +1131,7 @@ Defines restrictions for running apps from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1154,7 +1154,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -1172,7 +1172,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1194,7 +1194,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1210,7 +1210,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1232,7 +1232,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1249,7 +1249,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1271,7 +1271,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1287,7 +1287,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1310,7 +1310,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1326,7 +1326,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1349,7 +1349,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -1367,7 +1367,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1389,7 +1389,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1405,7 +1405,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1428,7 +1428,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1444,7 +1444,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1467,7 +1467,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -1485,7 +1485,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1507,7 +1507,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1523,7 +1523,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1545,7 +1545,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1562,7 +1562,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1584,7 +1584,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1600,7 +1600,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1623,7 +1623,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1639,7 +1639,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1662,7 +1662,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | @@ -1680,7 +1680,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1702,7 +1702,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1718,7 +1718,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1741,7 +1741,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1757,7 +1757,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1780,7 +1780,7 @@ Policy nodes define the policy for launching executables, Windows Installer file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Reboot Behavior | Automatic | | Allowed Values | See [Policy XSD Schema](#policy-xsd-schema) | diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 59a54a27da..f4fa075231 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -4,7 +4,7 @@ description: Learn more about the AssignedAccess CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -50,7 +50,7 @@ The following list shows the AssignedAccess configuration service provider nodes | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -85,7 +85,7 @@ In **Windows 10, version 1909**, Microsoft Edge kiosk mode support was added. Th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -143,7 +143,7 @@ For more examples, see [AssignedAccessConfiguration examples](#assignedaccesscon | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -185,7 +185,7 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -282,7 +282,7 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -316,7 +316,7 @@ For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllau | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -718,7 +718,7 @@ For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllau | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -757,7 +757,7 @@ Additionally, the Status payload includes the following fields: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -852,7 +852,7 @@ Additionally, the Status payload includes the following fields: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -891,7 +891,7 @@ By default, the StatusConfiguration node doesn't exist, and it implies this feat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index f660ac2ba8..5a2a1cbdf3 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -76,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -108,7 +108,7 @@ will not try to enable encryption on any drive. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [AllowWarningForOtherDiskEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/AllowWarningForOtherDiskEncryption`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -153,7 +153,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -184,7 +184,7 @@ The expected values for this policy are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -210,7 +210,7 @@ The expected values for this policy are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -258,7 +258,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -299,7 +299,7 @@ Windows will attempt to silently enable BitLocker for value 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -330,7 +330,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -357,7 +357,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -413,7 +413,7 @@ Sample value for this node to enable this policy and set the encryption methods | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -463,7 +463,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -506,7 +506,7 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -538,7 +538,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -615,7 +615,7 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -665,7 +665,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -693,7 +693,7 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -743,7 +743,7 @@ To disable this policy, use hte following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -791,7 +791,7 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -823,7 +823,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -864,7 +864,7 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -896,7 +896,7 @@ Sample value for this node to enable this policy is: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -934,7 +934,7 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [BDEAllowed] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Bitlocker/RemovableDrivesConfigureBDE`
Dependency Allowed Value Type: `ADMX`
| @@ -967,7 +967,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -990,7 +990,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -1007,7 +1007,7 @@ When enabled, allows you to exclude removable drives and devices connected over | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1053,7 +1053,7 @@ The possible values for 'xx' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1103,7 +1103,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1144,7 +1144,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1195,7 +1195,7 @@ To disable RequireDeviceEncryption: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1224,7 +1224,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1250,7 +1250,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1303,7 +1303,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -1319,7 +1319,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1341,7 +1341,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1357,7 +1357,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1402,7 +1402,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1418,7 +1418,7 @@ This value represents a bitmask with each bit and the corresponding error code d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1441,7 +1441,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1457,7 +1457,7 @@ This node reports compliance state of removal drive encryption. "0" Value means | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1482,7 +1482,7 @@ To ensure the status is correctly matched to the request ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1498,7 +1498,7 @@ To ensure the status is correctly matched to the request ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1523,7 +1523,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1539,7 +1539,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1572,7 +1572,7 @@ Sample value for this node to disable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1604,7 +1604,7 @@ Sample value for this node to disable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1640,7 +1640,7 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1672,7 +1672,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1700,7 +1700,7 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1732,7 +1732,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1776,7 +1776,7 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1808,7 +1808,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1841,7 +1841,7 @@ Sample value for this node to enable this policy is: `` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1873,7 +1873,7 @@ Sample value for this node to enable this policy is: `` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1911,7 +1911,7 @@ Sample value for this node to enable this policy is: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1960,7 +1960,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2020,7 +2020,7 @@ The possible value for 'yy' and 'zz' is a string of max length 900 and 500 respe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2069,7 +2069,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2145,7 +2145,7 @@ The possible values for 'zz' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2195,7 +2195,7 @@ To disable this policy, use the following SyncML: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2265,7 +2265,7 @@ The possible values for 'yy' are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 377db193e9..34c73c0b7f 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -113,7 +113,7 @@ The following list shows the CertificateStore configuration service provider nod | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -136,7 +136,7 @@ This cryptographic store contains intermediary certification authorities. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -152,7 +152,7 @@ This cryptographic store contains intermediary certification authorities. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -175,7 +175,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: The SHA1 hash for the certificate. | @@ -192,7 +192,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -215,7 +215,7 @@ The base64 Encoded X.509 certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -231,7 +231,7 @@ The base64 Encoded X.509 certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -254,7 +254,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -270,7 +270,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -293,7 +293,7 @@ The name of the certificate subject. This node is implicitly created only when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -309,7 +309,7 @@ The name of the certificate subject. This node is implicitly created only when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -332,7 +332,7 @@ Returns the certificate template name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -348,7 +348,7 @@ Returns the certificate template name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -371,7 +371,7 @@ The starting date of the certificate's validity. This node is implicitly created | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -387,7 +387,7 @@ The starting date of the certificate's validity. This node is implicitly created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -410,7 +410,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -426,7 +426,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -451,7 +451,7 @@ This store holds the System portion of the CA store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -467,7 +467,7 @@ This store holds the System portion of the CA store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -490,7 +490,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: The SHA1 hash for the certificate. | @@ -507,7 +507,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -530,7 +530,7 @@ The base64 Encoded X.509 certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -546,7 +546,7 @@ The base64 Encoded X.509 certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -569,7 +569,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -585,7 +585,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -608,7 +608,7 @@ The name of the certificate subject. This node is implicitly created only when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -624,7 +624,7 @@ The name of the certificate subject. This node is implicitly created only when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -647,7 +647,7 @@ Returns the certificate template name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -663,7 +663,7 @@ Returns the certificate template name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -686,7 +686,7 @@ The starting date of the certificate's validity. This node is implicitly created | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -702,7 +702,7 @@ The starting date of the certificate's validity. This node is implicitly created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -725,7 +725,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -741,7 +741,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -764,7 +764,7 @@ This store keeps all end-user personal certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -783,7 +783,7 @@ This store keeps all end-user personal certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -808,7 +808,7 @@ This store holds the SCEP portion of the MY store and handle operations related | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -824,7 +824,7 @@ This store holds the SCEP portion of the MY store and handle operations related | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -847,7 +847,7 @@ The UniqueID for the SCEP enrollment request. Each client certificate should hav | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -863,7 +863,7 @@ The UniqueID for the SCEP enrollment request. Each client certificate should hav | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -887,7 +887,7 @@ Specify the current cert's thumbprint. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -903,7 +903,7 @@ Specify the current cert's thumbprint. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -926,7 +926,7 @@ Specify the last hresult in case enroll action failed. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -942,7 +942,7 @@ Specify the last hresult in case enroll action failed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -967,7 +967,7 @@ The group to represent the install request. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -983,7 +983,7 @@ The group to represent the install request. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1007,7 +1007,7 @@ Specify root CA thumbprint. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1023,7 +1023,7 @@ Specify root CA thumbprint. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1047,7 +1047,7 @@ The value must be base64 encoded. Challenge is deleted shortly after the Exec co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1063,7 +1063,7 @@ The value must be base64 encoded. Challenge is deleted shortly after the Exec co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1086,7 +1086,7 @@ Specify extended key usages. The list of OIDs are separated by plus "+". | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1102,7 +1102,7 @@ Specify extended key usages. The list of OIDs are separated by plus "+". | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1126,7 +1126,7 @@ The MDM server can later query the device to find out whether the new certificat | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -1142,7 +1142,7 @@ The MDM server can later query the device to find out whether the new certificat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1166,7 +1166,7 @@ Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If mult | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1182,7 +1182,7 @@ Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If mult | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1206,7 +1206,7 @@ Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1222,7 +1222,7 @@ Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1250,7 +1250,7 @@ Although the private key is protected by TPM, it isn't protected with TPM PIN. S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get | @@ -1266,7 +1266,7 @@ Although the private key is protected by TPM, it isn't protected with TPM PIN. S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1290,7 +1290,7 @@ The value must be specified in decimal format and should at least have second (0 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get | @@ -1306,7 +1306,7 @@ The value must be specified in decimal format and should at least have second (0 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1330,7 +1330,7 @@ Default value is 3. Max value can't be larger than 30. If it's larger than 30, t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get | @@ -1346,7 +1346,7 @@ Default value is 3. Max value can't be larger than 30. If it's larger than 30, t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1370,7 +1370,7 @@ Default value is 5 and the minimum value is 1. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get | @@ -1386,7 +1386,7 @@ Default value is 5 and the minimum value is 1. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1409,7 +1409,7 @@ Specify the cert enrollment server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1425,7 +1425,7 @@ Specify the cert enrollment server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1449,7 +1449,7 @@ or example, multiple subject alternative names are presented in the format ` @@ -1465,7 +1465,7 @@ or example, multiple subject alternative names are presented in the format ` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1489,7 +1489,7 @@ The SubjectName value is quoted if it contains leading or trailing white space o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1505,7 +1505,7 @@ The SubjectName value is quoted if it contains leading or trailing white space o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1528,7 +1528,7 @@ Certificate Template Name OID (As in AD used by PKI infrastructure. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1544,7 +1544,7 @@ Certificate Template Name OID (As in AD used by PKI infrastructure. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1572,7 +1572,7 @@ Valid values are one of the following: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1588,7 +1588,7 @@ Valid values are one of the following: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1611,7 +1611,7 @@ Specify valid period unit type. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get | @@ -1631,7 +1631,7 @@ Default is 0. The period is defined in ValidPeriod node. The valid period specif | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1660,7 +1660,7 @@ Valid values are one of the following values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1676,7 +1676,7 @@ Valid values are one of the following values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1699,7 +1699,7 @@ This store holds the User portion of the MY store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1715,7 +1715,7 @@ This store holds the User portion of the MY store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1738,7 +1738,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: The SHA1 hash for the certificate. | @@ -1755,7 +1755,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1778,7 +1778,7 @@ The base64 Encoded X.509 certificate. Note that though during MDM enrollment, en | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -1794,7 +1794,7 @@ The base64 Encoded X.509 certificate. Note that though during MDM enrollment, en | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1817,7 +1817,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1833,7 +1833,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1856,7 +1856,7 @@ The name of the certificate subject. This node is implicitly created only when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1872,7 +1872,7 @@ The name of the certificate subject. This node is implicitly created only when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1895,7 +1895,7 @@ Returns the certificate template name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1911,7 +1911,7 @@ Returns the certificate template name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1934,7 +1934,7 @@ The starting date of the certificate's validity. This node is implicitly created | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1950,7 +1950,7 @@ The starting date of the certificate's validity. This node is implicitly created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1973,7 +1973,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1989,7 +1989,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2013,7 +2013,7 @@ The nodes under WSTEP are mostly for MDM client certificate renew requests. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2029,7 +2029,7 @@ The nodes under WSTEP are mostly for MDM client certificate renew requests. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2053,7 +2053,7 @@ If renewal succeeds, it shows the renewed certificate thumbprint. If renewal fai | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2069,7 +2069,7 @@ If renewal succeeds, it shows the renewed certificate thumbprint. If renewal fai | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2092,7 +2092,7 @@ The parent node to group renewal related settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Atomic Required | True | @@ -2109,7 +2109,7 @@ The parent node to group renewal related settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2132,7 +2132,7 @@ If certificate renew fails, this node provide the last hresult code during renew | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2148,7 +2148,7 @@ If certificate renew fails, this node provide the last hresult code during renew | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2171,7 +2171,7 @@ Time of last attempted renew. | Property name | Property value | |:--|:--| -| Format | time | +| Format | `time` | | Access Type | Get | @@ -2187,7 +2187,7 @@ Time of last attempted renew. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2210,7 +2210,7 @@ Initiate a renew now. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -2226,7 +2226,7 @@ Initiate a renew now. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2255,7 +2255,7 @@ The default value is 42 and the valid values are 1-1000. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-1000]` | | Default Value | 42 | @@ -2273,7 +2273,7 @@ The default value is 42 and the valid values are 1-1000. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2296,7 +2296,7 @@ How long after the enrollment cert has expiried to keep trying to renew. | Property name | Property value | |:--|:--| -| Format | time | +| Format | `time` | | Access Type | Add, Get, Replace | @@ -2312,7 +2312,7 @@ How long after the enrollment cert has expiried to keep trying to renew. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2337,7 +2337,7 @@ Optional. This parameter specifies retry interval when previous renew failed (in | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-1000]` | | Default Value | 7 | @@ -2355,7 +2355,7 @@ Optional. This parameter specifies retry interval when previous renew failed (in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2380,7 +2380,7 @@ Optional. Notify the client whether enrollment server supports ROBO auto certifi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | @@ -2405,7 +2405,7 @@ Optional. Notify the client whether enrollment server supports ROBO auto certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2432,7 +2432,7 @@ If this node doesn't exist, the client uses the initial certificate enrollment U | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2448,7 +2448,7 @@ If this node doesn't exist, the client uses the initial certificate enrollment U | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2471,7 +2471,7 @@ Show the latest action status for this certificate. Supported values are one of | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2487,7 +2487,7 @@ Show the latest action status for this certificate. Supported values are one of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2510,7 +2510,7 @@ This store holds only root (self-signed) certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2526,7 +2526,7 @@ This store holds only root (self-signed) certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2549,7 +2549,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: The SHA1 hash for the certificate. | @@ -2566,7 +2566,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2589,7 +2589,7 @@ The base64 Encoded X.509 certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -2605,7 +2605,7 @@ The base64 Encoded X.509 certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2628,7 +2628,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2644,7 +2644,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2667,7 +2667,7 @@ The name of the certificate subject. This node is implicitly created only when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2683,7 +2683,7 @@ The name of the certificate subject. This node is implicitly created only when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2706,7 +2706,7 @@ Returns the certificate template name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2722,7 +2722,7 @@ Returns the certificate template name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2745,7 +2745,7 @@ The starting date of the certificate's validity. This node is implicitly created | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2761,7 +2761,7 @@ The starting date of the certificate's validity. This node is implicitly created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2784,7 +2784,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2800,7 +2800,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2823,7 +2823,7 @@ This store holds the System portion of the root store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2839,7 +2839,7 @@ This store holds the System portion of the root store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2862,7 +2862,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: The SHA1 hash for the certificate. | @@ -2879,7 +2879,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2902,7 +2902,7 @@ The base64 Encoded X.509 certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -2918,7 +2918,7 @@ The base64 Encoded X.509 certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2941,7 +2941,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2957,7 +2957,7 @@ The name of the certificate issuer. This node is implicitly created only when th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2980,7 +2980,7 @@ The name of the certificate subject. This node is implicitly created only when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2996,7 +2996,7 @@ The name of the certificate subject. This node is implicitly created only when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3019,7 +3019,7 @@ Returns the certificate template name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3035,7 +3035,7 @@ Returns the certificate template name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3058,7 +3058,7 @@ The starting date of the certificate's validity. This node is implicitly created | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3074,7 +3074,7 @@ The starting date of the certificate's validity. This node is implicitly created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3097,7 +3097,7 @@ The expiration date of the certificate. This node is implicitly created only whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 40ffe17423..4f5e1ec3f9 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -111,7 +111,7 @@ The following list shows the ClientCertificateInstall configuration service prov | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -134,7 +134,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -150,7 +150,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -175,7 +175,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -193,7 +193,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -217,7 +217,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -233,7 +233,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -256,7 +256,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | @@ -283,7 +283,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -310,7 +310,7 @@ In other words, using Replace or Add will result in the effect of either overwri | Property name | Property value | |:--|:--| -| Format | bin | +| Format | `bin` | | Access Type | Add, Get, Replace | @@ -326,7 +326,7 @@ In other words, using Replace or Add will result in the effect of either overwri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -349,7 +349,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -365,7 +365,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -389,7 +389,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
| @@ -406,7 +406,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -433,7 +433,7 @@ If the value is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | | Default Value | 0 | @@ -460,7 +460,7 @@ If the value is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -487,7 +487,7 @@ The PFX isn't exportable when it's installed to TPM. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | true | | Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
| @@ -514,7 +514,7 @@ The PFX isn't exportable when it's installed to TPM. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -537,7 +537,7 @@ Returns the error code of the PFX installation from the GetLastError command cal | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -553,7 +553,7 @@ Returns the error code of the PFX installation from the GetLastError command cal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -576,7 +576,7 @@ Returns the thumbprint of the PFX certificate installed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -592,7 +592,7 @@ Returns the thumbprint of the PFX certificate installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -615,7 +615,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -631,7 +631,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -655,7 +655,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -673,7 +673,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -698,7 +698,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -714,7 +714,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -737,7 +737,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -753,7 +753,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -776,7 +776,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -792,7 +792,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -815,7 +815,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -831,7 +831,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -854,7 +854,7 @@ Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certific | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -870,7 +870,7 @@ Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -893,7 +893,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -909,7 +909,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -933,7 +933,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -949,7 +949,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -972,7 +972,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -988,7 +988,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1011,7 +1011,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1027,7 +1027,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1050,7 +1050,7 @@ Required. Trigger the device to start the cert enrollment. The device will not n | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -1066,7 +1066,7 @@ Required. Trigger the device to start the cert enrollment. The device will not n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1091,7 +1091,7 @@ For NGC, only SHA256 is supported as the supported algorithm. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1107,7 +1107,7 @@ For NGC, only SHA256 is supported as the supported algorithm. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1133,7 +1133,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -1159,7 +1159,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1183,7 +1183,7 @@ SCEP enrolled cert doesn't support TPM PIN protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -1211,7 +1211,7 @@ SCEP enrolled cert doesn't support TPM PIN protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1234,7 +1234,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -1250,7 +1250,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1274,7 +1274,7 @@ The min value is 0 which means no retry. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 3 | @@ -1292,7 +1292,7 @@ The min value is 0 which means no retry. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1318,7 +1318,7 @@ The min value is 1. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 5 | @@ -1336,7 +1336,7 @@ The min value is 1. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1359,7 +1359,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1375,7 +1375,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1398,7 +1398,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1414,7 +1414,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1438,7 +1438,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1454,7 +1454,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1477,7 +1477,7 @@ Optional. OID of certificate template name. Note that this name is typically ign | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1493,7 +1493,7 @@ Optional. OID of certificate template name. Note that this name is typically ign | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1517,7 +1517,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Days | @@ -1544,7 +1544,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1570,7 +1570,7 @@ Optional. Specify desired number of units used in validity period. Subjected to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1587,7 +1587,7 @@ Optional. Specify desired number of units used in validity period. Subjected to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1610,7 +1610,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1626,7 +1626,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1654,7 +1654,7 @@ Valid values are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1670,7 +1670,7 @@ Valid values are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1693,7 +1693,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1709,7 +1709,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1734,7 +1734,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1752,7 +1752,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1776,7 +1776,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1792,7 +1792,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1815,7 +1815,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | @@ -1842,7 +1842,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1869,7 +1869,7 @@ In other words, using Replace or Add will result in the effect of either overwri | Property name | Property value | |:--|:--| -| Format | bin | +| Format | `bin` | | Access Type | Add, Get, Replace | @@ -1885,7 +1885,7 @@ In other words, using Replace or Add will result in the effect of either overwri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1908,7 +1908,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1924,7 +1924,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1948,7 +1948,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
| @@ -1965,7 +1965,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1992,7 +1992,7 @@ If the value is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | | Default Value | 0 | @@ -2019,7 +2019,7 @@ If the value is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2044,7 +2044,7 @@ Optional. Used to specify if the private key installed is exportable (can be exp | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | true | | Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
| @@ -2071,7 +2071,7 @@ Optional. Used to specify if the private key installed is exportable (can be exp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2094,7 +2094,7 @@ Returns the error code of the PFX installation from the GetLastError command cal | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2110,7 +2110,7 @@ Returns the error code of the PFX installation from the GetLastError command cal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2133,7 +2133,7 @@ Returns the thumbprint of the PFX certificate installed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2149,7 +2149,7 @@ Returns the thumbprint of the PFX certificate installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2172,7 +2172,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2188,7 +2188,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2212,7 +2212,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -2230,7 +2230,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2255,7 +2255,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2271,7 +2271,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2294,7 +2294,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2310,7 +2310,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2333,7 +2333,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -2349,7 +2349,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2372,7 +2372,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2388,7 +2388,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2411,7 +2411,7 @@ Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certific | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2427,7 +2427,7 @@ Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2450,7 +2450,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2466,7 +2466,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2490,7 +2490,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2506,7 +2506,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2529,7 +2529,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2545,7 +2545,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2568,7 +2568,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2584,7 +2584,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2607,7 +2607,7 @@ Required. Trigger the device to start the cert enrollment. The device will not n | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -2623,7 +2623,7 @@ Required. Trigger the device to start the cert enrollment. The device will not n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2648,7 +2648,7 @@ For NGC, only SHA256 is supported as the supported algorithm. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2664,7 +2664,7 @@ For NGC, only SHA256 is supported as the supported algorithm. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2690,7 +2690,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2716,7 +2716,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2740,7 +2740,7 @@ SCEP enrolled cert doesn't support TPM PIN protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -2768,7 +2768,7 @@ SCEP enrolled cert doesn't support TPM PIN protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2791,7 +2791,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2807,7 +2807,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2831,7 +2831,7 @@ The min value is 0 which means no retry. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 3 | @@ -2849,7 +2849,7 @@ The min value is 0 which means no retry. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2875,7 +2875,7 @@ The min value is 1. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 5 | @@ -2893,7 +2893,7 @@ The min value is 1. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2916,7 +2916,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2932,7 +2932,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2955,7 +2955,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2971,7 +2971,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2995,7 +2995,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3011,7 +3011,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3034,7 +3034,7 @@ Optional. OID of certificate template name. Note that this name is typically ign | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3050,7 +3050,7 @@ Optional. OID of certificate template name. Note that this name is typically ign | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3074,7 +3074,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Days | @@ -3101,7 +3101,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3127,7 +3127,7 @@ Optional. Specify desired number of units used in validity period. Subjected to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3144,7 +3144,7 @@ Optional. Specify desired number of units used in validity period. Subjected to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3167,7 +3167,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3183,7 +3183,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3211,7 +3211,7 @@ Valid values are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index a94f1eed2e..6289df39cf 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -118,7 +118,7 @@ The following list shows the Defender configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -141,7 +141,7 @@ An interior node to group Windows Defender configuration information. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -157,7 +157,7 @@ An interior node to group Windows Defender configuration information. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -180,7 +180,7 @@ This settings controls whether Network Protection is allowed to enable datagram | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -206,7 +206,7 @@ This settings controls whether Network Protection is allowed to enable datagram | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -229,7 +229,7 @@ This settings controls whether Network Protection is allowed to be configured in | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -255,7 +255,7 @@ This settings controls whether Network Protection is allowed to be configured in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -278,7 +278,7 @@ This settings controls whether Network Protection is allowed to be configured in | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -304,7 +304,7 @@ This settings controls whether Network Protection is allowed to be configured in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -327,7 +327,7 @@ Apply ASR only per rule exclusions. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -343,7 +343,7 @@ Apply ASR only per rule exclusions. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -366,7 +366,7 @@ Define data duplication directory for device control. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -382,7 +382,7 @@ Define data duplication directory for device control. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -405,7 +405,7 @@ Define the retention period in days of how much time the evidence data will be k | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-120]` | | Default Value | 60 | @@ -423,7 +423,7 @@ Define the retention period in days of how much time the evidence data will be k | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -446,7 +446,7 @@ Define data duplication remote location for device control. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -462,7 +462,7 @@ Define data duplication remote location for device control. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -485,7 +485,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -511,7 +511,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -533,7 +533,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -549,7 +549,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -571,7 +571,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -587,7 +587,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -609,7 +609,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -625,7 +625,7 @@ Control Device Control default enforcement. This is the enforcement applied if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -648,7 +648,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -664,7 +664,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -686,7 +686,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -702,7 +702,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -724,7 +724,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -740,7 +740,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -763,7 +763,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -779,7 +779,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -802,7 +802,7 @@ Control Device Control feature. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -828,7 +828,7 @@ Control Device Control feature. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -851,7 +851,7 @@ Indicates whether the CPU will be throttled for scheduled scans while the device | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -877,7 +877,7 @@ Indicates whether the CPU will be throttled for scheduled scans while the device | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -900,7 +900,7 @@ This setting disables DNS over TCP Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -926,7 +926,7 @@ This setting disables DNS over TCP Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -949,7 +949,7 @@ This setting disables DNS Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -975,7 +975,7 @@ This setting disables DNS Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -998,7 +998,7 @@ This setting disables FTP Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1024,7 +1024,7 @@ This setting disables FTP Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1047,7 +1047,7 @@ Enable this policy to disable gradual rollout of Defender updates. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1073,7 +1073,7 @@ Enable this policy to disable gradual rollout of Defender updates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1096,7 +1096,7 @@ This setting disables HTTP Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1122,7 +1122,7 @@ This setting disables HTTP Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1145,7 +1145,7 @@ This setting disables Inbound connection filtering for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1171,7 +1171,7 @@ This setting disables Inbound connection filtering for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1194,7 +1194,7 @@ When this value is set to false, it allows a local admin the ability to specify | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1220,7 +1220,7 @@ When this value is set to false, it allows a local admin the ability to specify | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1243,7 +1243,7 @@ This setting disables the gathering and send of performance telemetry from Netwo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1269,7 +1269,7 @@ This setting disables the gathering and send of performance telemetry from Netwo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1292,7 +1292,7 @@ This setting disables RDP Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1318,7 +1318,7 @@ This setting disables RDP Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1341,7 +1341,7 @@ This setting disables SMTP Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1367,7 +1367,7 @@ This setting disables SMTP Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1390,7 +1390,7 @@ This setting disables SSH Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1416,7 +1416,7 @@ This setting disables SSH Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1439,7 +1439,7 @@ This setting disables TLS Parsing for Network Protection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1465,7 +1465,7 @@ This setting disables TLS Parsing for Network Protection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1488,7 +1488,7 @@ This setting enables the DNS Sinkhole feature for Network Protection, respecting | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1514,7 +1514,7 @@ This setting enables the DNS Sinkhole feature for Network Protection, respecting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1537,7 +1537,7 @@ Enables or disables file hash computation feature. When this feature is enabled | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1563,7 +1563,7 @@ Enables or disables file hash computation feature. When this feature is enabled | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1586,7 +1586,7 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1616,7 +1616,7 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1641,7 +1641,7 @@ This policy setting controls whether or not exclusions are visible to local admi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1667,7 +1667,7 @@ This policy setting controls whether or not exclusions are visible to local admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1690,7 +1690,7 @@ This policy setting controls whether or not exclusions are visible to local user | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1716,7 +1716,7 @@ This policy setting controls whether or not exclusions are visible to local user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1739,7 +1739,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1766,7 +1766,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1789,7 +1789,7 @@ Allow managed devices to update through metered connections. Default is 0 - not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1815,7 +1815,7 @@ Allow managed devices to update through metered connections. Default is 0 - not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1838,7 +1838,7 @@ This setting allows you to configure whether real-time protection and Security I | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1864,7 +1864,7 @@ This setting allows you to configure whether real-time protection and Security I | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1887,7 +1887,7 @@ Setting to control automatic remediation for Sense scans. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1914,7 +1914,7 @@ Setting to control automatic remediation for Sense scans. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1937,7 +1937,7 @@ Enable this policy to specify when devices receive Microsoft Defender platform u | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1967,7 +1967,7 @@ Enable this policy to specify when devices receive Microsoft Defender platform u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1990,7 +1990,7 @@ In Microsoft Defender Antivirus, randomize the start time of the scan to any int | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2016,7 +2016,7 @@ In Microsoft Defender Antivirus, randomize the start time of the scan to any int | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2039,7 +2039,7 @@ In Microsoft Defender Antivirus, this setting will run scheduled scans only if t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2065,7 +2065,7 @@ In Microsoft Defender Antivirus, this setting will run scheduled scans only if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2088,7 +2088,7 @@ This setting allows you to configure the scheduler randomization in hours. The r | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-23]` | | Default Value | 4 | @@ -2106,7 +2106,7 @@ This setting allows you to configure the scheduler randomization in hours. The r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2129,7 +2129,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2145,7 +2145,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2168,7 +2168,7 @@ Enable this policy to specify when devices receive Microsoft Defender security i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2195,7 +2195,7 @@ Enable this policy to specify when devices receive Microsoft Defender security i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2230,7 +2230,7 @@ More details: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2246,7 +2246,7 @@ More details: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2271,7 +2271,7 @@ Tamper protection helps protect important security features from unwanted change | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2288,7 +2288,7 @@ Tamper protection helps protect important security features from unwanted change | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2311,7 +2311,7 @@ A CPU usage limit can be applied to scheduled scans only, or to scheduled and cu | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2337,7 +2337,7 @@ A CPU usage limit can be applied to scheduled scans only, or to scheduled and cu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2360,7 +2360,7 @@ An interior node to group all threats detected by Windows Defender. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2376,7 +2376,7 @@ An interior node to group all threats detected by Windows Defender. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2399,7 +2399,7 @@ The ID of a threat that has been detected by Windows Defender. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -2416,7 +2416,7 @@ The ID of a threat that has been detected by Windows Defender. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2492,7 +2492,7 @@ Threat category ID. Supported values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2508,7 +2508,7 @@ Threat category ID. Supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2545,7 +2545,7 @@ Information about the current status of the threat. The following list shows the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2561,7 +2561,7 @@ Information about the current status of the threat. The following list shows the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2584,7 +2584,7 @@ Information about the execution status of the threat. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2600,7 +2600,7 @@ Information about the execution status of the threat. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2623,7 +2623,7 @@ The first time this particular threat was detected. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2639,7 +2639,7 @@ The first time this particular threat was detected. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2662,7 +2662,7 @@ The last time this particular threat was changed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2678,7 +2678,7 @@ The last time this particular threat was changed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2701,7 +2701,7 @@ The name of the specific threat. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2717,7 +2717,7 @@ The name of the specific threat. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2740,7 +2740,7 @@ Number of times this threat has been detected on a particular client. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2756,7 +2756,7 @@ Number of times this threat has been detected on a particular client. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2787,7 +2787,7 @@ Threat severity ID. The following list shows the supported values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2803,7 +2803,7 @@ Threat severity ID. The following list shows the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2826,7 +2826,7 @@ URL link for additional threat information. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2842,7 +2842,7 @@ URL link for additional threat information. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2865,7 +2865,7 @@ An interior node to group information about Windows Defender health status. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2881,7 +2881,7 @@ An interior node to group information about Windows Defender health status. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2913,7 +2913,7 @@ Provide the current state of the device. The following list shows the supported | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2929,7 +2929,7 @@ Provide the current state of the device. The following list shows the supported | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2952,7 +2952,7 @@ Indicates whether the Windows Defender service is running. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -2968,7 +2968,7 @@ Indicates whether the Windows Defender service is running. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2991,7 +2991,7 @@ Version number of Windows Defender on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3007,7 +3007,7 @@ Version number of Windows Defender on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3030,7 +3030,7 @@ Version number of the current Windows Defender engine on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3046,7 +3046,7 @@ Version number of the current Windows Defender engine on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3069,7 +3069,7 @@ Indicates whether a Windows Defender full scan is overdue for the device. A Full | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3085,7 +3085,7 @@ Indicates whether a Windows Defender full scan is overdue for the device. A Full | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3108,7 +3108,7 @@ Indicates whether a Windows Defender full scan is required. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3124,7 +3124,7 @@ Indicates whether a Windows Defender full scan is required. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3147,7 +3147,7 @@ Signature version used for the last full scan of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3163,7 +3163,7 @@ Signature version used for the last full scan of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3186,7 +3186,7 @@ Time of the last Windows Defender full scan of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3202,7 +3202,7 @@ Time of the last Windows Defender full scan of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -3225,7 +3225,7 @@ Indicates whether the device is a virtual machine. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3241,7 +3241,7 @@ Indicates whether the device is a virtual machine. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3264,7 +3264,7 @@ Indicates whether network protection is running. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3280,7 +3280,7 @@ Indicates whether network protection is running. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3332,7 +3332,7 @@ Provide the current state of the product. This is a bitmask flag value that can | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3365,7 +3365,7 @@ Provide the current state of the product. This is a bitmask flag value that can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3388,7 +3388,7 @@ Indicates whether a Windows Defender quick scan is overdue for the device. A Qui | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3404,7 +3404,7 @@ Indicates whether a Windows Defender quick scan is overdue for the device. A Qui | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3427,7 +3427,7 @@ Signature version used for the last quick scan of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3443,7 +3443,7 @@ Signature version used for the last quick scan of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3466,7 +3466,7 @@ Time of the last Windows Defender quick scan of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3482,7 +3482,7 @@ Time of the last Windows Defender quick scan of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3505,7 +3505,7 @@ Indicates whether a device reboot is needed. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3521,7 +3521,7 @@ Indicates whether a device reboot is needed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3544,7 +3544,7 @@ Indicates whether real-time protection is running. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3560,7 +3560,7 @@ Indicates whether real-time protection is running. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3583,7 +3583,7 @@ Indicates whether the Windows Defender signature is outdated. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3599,7 +3599,7 @@ Indicates whether the Windows Defender signature is outdated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3622,7 +3622,7 @@ Version number of the current Windows Defender signatures on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3638,7 +3638,7 @@ Version number of the current Windows Defender signatures on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -3661,7 +3661,7 @@ Indicates whether the Windows Defender tamper protection feature is enabled. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -3677,7 +3677,7 @@ Indicates whether the Windows Defender tamper protection feature is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3700,7 +3700,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | | Reboot Behavior | ServerInitiated | @@ -3717,7 +3717,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3740,7 +3740,7 @@ RollbackEngine action rolls back Microsoft Defender engine to it's last known go | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | | Reboot Behavior | ServerInitiated | @@ -3757,7 +3757,7 @@ RollbackEngine action rolls back Microsoft Defender engine to it's last known go | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3780,7 +3780,7 @@ RollbackPlatform action rolls back Microsoft Defender to it's last known good in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | | Reboot Behavior | ServerInitiated | @@ -3797,7 +3797,7 @@ RollbackPlatform action rolls back Microsoft Defender to it's last known good in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3820,7 +3820,7 @@ Node that can be used to start a Windows Defender scan on a device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -3845,7 +3845,7 @@ Node that can be used to start a Windows Defender scan on a device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3868,7 +3868,7 @@ Node that can be used to perform signature updates for Windows Defender. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 4b35dd3c12..458d71677a 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DevDetail CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -73,7 +73,7 @@ The following list shows the DevDetail configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -96,7 +96,7 @@ Returns the device model name /SystemProductName as a string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -112,7 +112,7 @@ Returns the device model name /SystemProductName as a string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -135,7 +135,7 @@ Subtree to hold vendor-specific parameters. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -151,7 +151,7 @@ Subtree to hold vendor-specific parameters. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -176,7 +176,7 @@ Added in Windows 10 version 1703. Returns a base64 encoded string of the hardwar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -192,7 +192,7 @@ Added in Windows 10 version 1703. Returns a base64 encoded string of the hardwar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -215,7 +215,7 @@ Subtree to hold vendor-specific parameters. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -231,7 +231,7 @@ Subtree to hold vendor-specific parameters. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -254,7 +254,7 @@ Returns the name of the mobile operator if it exists; otherwise it returns 404. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -270,7 +270,7 @@ Returns the name of the mobile operator if it exists; otherwise it returns 404. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -293,7 +293,7 @@ Contains the user-specified device name. Support for Replace operation for Windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Reboot Behavior | Automatic | @@ -310,7 +310,7 @@ Contains the user-specified device name. Support for Replace operation for Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -339,7 +339,7 @@ On desktop PCs, this setting specifies the DNS hostname of the computer (Compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Reboot Behavior | ServerInitiated | @@ -356,7 +356,7 @@ On desktop PCs, this setting specifies the DNS hostname of the computer (Compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -379,7 +379,7 @@ Total free storage in MB from first internal drive on the device. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -395,7 +395,7 @@ Total free storage in MB from first internal drive on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -418,7 +418,7 @@ Returns the client local time in ISO 8601 format. Example: 2003-06-16. T18:37:44 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -434,7 +434,7 @@ Returns the client local time in ISO 8601 format. Example: 2003-06-16. T18:37:44 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -457,7 +457,7 @@ Returns the mobile device ID associated with the cellular network. Returns 404 f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -473,7 +473,7 @@ Returns the mobile device ID associated with the cellular network. Returns 404 f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -496,7 +496,7 @@ Returns the OS platform of the device. For Windows 10 for desktop editions, it r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -512,7 +512,7 @@ Returns the OS platform of the device. For Windows 10 for desktop editions, it r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -535,7 +535,7 @@ Returns the processor architecture of the device as "arm" or "x86". | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -551,7 +551,7 @@ Returns the processor architecture of the device as "arm" or "x86". | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -574,7 +574,7 @@ Returns the processor type of the device as documented in SYSTEM_INFO. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -590,7 +590,7 @@ Returns the processor type of the device as documented in SYSTEM_INFO. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -613,7 +613,7 @@ Returns the radio stack software version number. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -629,7 +629,7 @@ Returns the radio stack software version number. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -652,7 +652,7 @@ Resolution of the device in the format of WidthxLength (e.g., "400x800"). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -668,7 +668,7 @@ Resolution of the device in the format of WidthxLength (e.g., "400x800"). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -691,7 +691,7 @@ SMBIOS Serial Number of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -707,7 +707,7 @@ SMBIOS Serial Number of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1387] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1387] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1387] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1387] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later
✅ Windows 10, version 2009 [10.0.19042.1387] and later
✅ Windows 10, version 21H1 [10.0.19043.1387] and later
✅ Windows 10, version 21H2 [10.0.19044.1387] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -730,7 +730,7 @@ SMBIOS version of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -746,7 +746,7 @@ SMBIOS version of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -769,7 +769,7 @@ Returns the System SKU, as defined in the registry key HKEY_LOCAL_MACHINE\HARDWA | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -785,7 +785,7 @@ Returns the System SKU, as defined in the registry key HKEY_LOCAL_MACHINE\HARDWA | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -808,7 +808,7 @@ Total available memory in MB on the device (may be less than total physical memo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -824,7 +824,7 @@ Total available memory in MB on the device (may be less than total physical memo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -847,7 +847,7 @@ Total available storage in MB from first internal drive on the device (may be le | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -863,7 +863,7 @@ Total available storage in MB from first internal drive on the device (may be le | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -886,7 +886,7 @@ The VoLTE service setting on or off. Only exposed to Mobile Operator-based OMA-D | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -902,7 +902,7 @@ The VoLTE service setting on or off. Only exposed to Mobile Operator-based OMA-D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -925,7 +925,7 @@ The DNS suffix of the active WiFi connection. Only exposed to Enterprise-based O | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -941,7 +941,7 @@ The DNS suffix of the active WiFi connection. Only exposed to Enterprise-based O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -964,7 +964,7 @@ The IPv4 address of the active WiFi connection. Only exposed to Enterprise-based | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -980,7 +980,7 @@ The IPv4 address of the active WiFi connection. Only exposed to Enterprise-based | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1003,7 +1003,7 @@ The IPv6 address of the active WiFi connection. Only exposed to Enterprise-based | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1019,7 +1019,7 @@ The IPv6 address of the active WiFi connection. Only exposed to Enterprise-based | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1044,7 +1044,7 @@ The MAC address of the active WiFi connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1060,7 +1060,7 @@ The MAC address of the active WiFi connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1083,7 +1083,7 @@ The subnet mask for the active WiFi connection. Only exposed to Enterprise-based | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1099,7 +1099,7 @@ The subnet mask for the active WiFi connection. Only exposed to Enterprise-based | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1122,7 +1122,7 @@ Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1138,7 +1138,7 @@ Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1161,7 +1161,7 @@ Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1177,7 +1177,7 @@ Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1200,7 +1200,7 @@ Returns whether the device uses OMA DM Large Object Handling, as defined in the | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -1216,7 +1216,7 @@ Returns whether the device uses OMA DM Large Object Handling, as defined in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1239,7 +1239,7 @@ Returns the name of the Original Equipment Manufacturer (OEM) as a string, as de | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1255,7 +1255,7 @@ Returns the name of the Original Equipment Manufacturer (OEM) as a string, as de | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1278,7 +1278,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1294,7 +1294,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1316,7 +1316,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1332,7 +1332,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1355,7 +1355,7 @@ Returns the maximum depth of the management tree that the device supports. The d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1371,7 +1371,7 @@ Returns the maximum depth of the management tree that the device supports. The d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1394,7 +1394,7 @@ Returns the total length of any URI segment in a URI that addresses a node or no | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1410,7 +1410,7 @@ Returns the total length of any URI segment in a URI that addresses a node or no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1433,7 +1433,7 @@ Returns the maximum total length of any URI used to address a node or node prope | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 8ce716e6e3..4052d4cdeb 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceManageability CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,7 +42,7 @@ The following list shows the DeviceManageability configuration service provider | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -64,7 +64,7 @@ The following list shows the DeviceManageability configuration service provider | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -80,7 +80,7 @@ The following list shows the DeviceManageability configuration service provider | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -103,7 +103,7 @@ Returns the versions of all configuration service providers (CSP) for MDM. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get | @@ -119,7 +119,7 @@ Returns the versions of all configuration service providers (CSP) for MDM. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -141,7 +141,7 @@ Returns the versions of all configuration service providers (CSP) for MDM. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -157,7 +157,7 @@ Returns the versions of all configuration service providers (CSP) for MDM. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -181,7 +181,7 @@ Provider ID should be unique among the different config sources. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Provider ID String of the Configuration Source | @@ -198,7 +198,7 @@ Provider ID should be unique among the different config sources. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -221,7 +221,7 @@ Configuration Info string value set by the config source. Recommended to be used | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -237,7 +237,7 @@ Configuration Info string value set by the config source. Recommended to be used | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -260,7 +260,7 @@ Enrollment Info string value set by the config source. Recommended to sent to se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ Enrollment Info string value set by the config source. Recommended to sent to se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -299,7 +299,7 @@ Payload Transfer string value set by the config source. Recommended to be used d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md index 18d2b86d9b..fce4abf9e4 100644 --- a/windows/client-management/mdm/devicepreparation-csp.md +++ b/windows/client-management/mdm/devicepreparation-csp.md @@ -44,7 +44,7 @@ The following list shows the DevicePreparation configuration service provider no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -67,7 +67,7 @@ The subnodes configure settings for the Bootstrapper Agent. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -83,7 +83,7 @@ The subnodes configure settings for the Bootstrapper Agent. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -106,7 +106,7 @@ This node stores the class ID for the Bootstrapper Agent WinRT object. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -122,7 +122,7 @@ This node stores the class ID for the Bootstrapper Agent WinRT object. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -145,7 +145,7 @@ This node holds opaque data that will be passed to the Bootstrapper Agent as a p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -161,7 +161,7 @@ This node holds opaque data that will be passed to the Bootstrapper Agent as a p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -184,7 +184,7 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -200,7 +200,7 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -223,7 +223,7 @@ This node indicates whether the MDM agent was installed or not. When set to true | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -240,7 +240,7 @@ This node indicates whether the MDM agent was installed or not. When set to true | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -263,7 +263,7 @@ The subnode configures the settings for the MDMProvider. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -279,7 +279,7 @@ The subnode configures the settings for the MDMProvider. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -302,7 +302,7 @@ Node for reporting progress status as opaque data. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -318,7 +318,7 @@ Node for reporting progress status as opaque data. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -341,7 +341,7 @@ This node determines whether to enable or show the Device Preparation page. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -367,7 +367,7 @@ This node determines whether to enable or show the Device Preparation page. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -390,7 +390,7 @@ This node configures specific settings for the Device Preparation page. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -406,7 +406,7 @@ This node configures specific settings for the Device Preparation page. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -429,7 +429,7 @@ This node provides status of the Device Preparation page. Values are an enum: 0 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index dc7f201767..2b438f74a0 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceStatus CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -82,7 +82,7 @@ The following list shows the DeviceStatus configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -105,7 +105,7 @@ Node for the antispyware query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -121,7 +121,7 @@ Node for the antispyware query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -145,7 +145,7 @@ This node also returns 0 when no anti-spyware provider is active. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 1 | @@ -162,7 +162,7 @@ This node also returns 0 when no anti-spyware provider is active. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -185,7 +185,7 @@ Integer that specifies the status of the antispyware. Valid values: 0 - The stat | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 3 | @@ -202,7 +202,7 @@ Integer that specifies the status of the antispyware. Valid values: 0 - The stat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -225,7 +225,7 @@ Node for the antivirus query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -241,7 +241,7 @@ Node for the antivirus query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -265,7 +265,7 @@ This node also returns 0 when no antivirus provider is active. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 1 | @@ -282,7 +282,7 @@ This node also returns 0 when no antivirus provider is active. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -305,7 +305,7 @@ Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 3 | @@ -322,7 +322,7 @@ Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -345,7 +345,7 @@ Node for the battery query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -361,7 +361,7 @@ Node for the battery query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -384,7 +384,7 @@ Integer that specifies the estimated battery charge remaining. This is the value | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -401,7 +401,7 @@ Integer that specifies the estimated battery charge remaining. This is the value | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -424,7 +424,7 @@ Integer that specifies the estimated runtime of the battery. This is the value r | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -441,7 +441,7 @@ Integer that specifies the estimated runtime of the battery. This is the value r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -464,7 +464,7 @@ Integer that specifies the status of the battery. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -481,7 +481,7 @@ Integer that specifies the status of the battery. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -506,7 +506,7 @@ Node for queries on the SIM cards. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -522,7 +522,7 @@ Node for queries on the SIM cards. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -545,7 +545,7 @@ The unique International Mobile Station Equipment Identity (IMEI) number of the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -562,7 +562,7 @@ The unique International Mobile Station Equipment Identity (IMEI) number of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -585,7 +585,7 @@ The mobile service provider or mobile operator associated with the specific IMEI | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -601,7 +601,7 @@ The mobile service provider or mobile operator associated with the specific IMEI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -624,7 +624,7 @@ The Integrated Circuit Card ID (ICCID) of the SIM card associated with the speci | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -640,7 +640,7 @@ The Integrated Circuit Card ID (ICCID) of the SIM card associated with the speci | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -663,7 +663,7 @@ The International Mobile Subscriber Identity (IMSI) associated with the IMEI num | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -679,7 +679,7 @@ The International Mobile Subscriber Identity (IMSI) associated with the IMEI num | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -702,7 +702,7 @@ Phone number associated with the specific IMEI number. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -718,7 +718,7 @@ Phone number associated with the specific IMEI number. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -741,7 +741,7 @@ Boolean value that indicates compliance with the enforced enterprise roaming pol | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -757,7 +757,7 @@ Boolean value that indicates compliance with the enforced enterprise roaming pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -780,7 +780,7 @@ Indicates whether the SIM card associated with the specific IMEI number is roami | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -796,7 +796,7 @@ Indicates whether the SIM card associated with the specific IMEI number is roami | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -819,7 +819,7 @@ Node for Certificate Attestation. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -835,7 +835,7 @@ Node for Certificate Attestation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -858,7 +858,7 @@ MDM Certificate attestation information. This will return an XML blob containing | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -874,7 +874,7 @@ MDM Certificate attestation information. This will return an XML blob containing | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -897,7 +897,7 @@ Node for the compliance query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -913,7 +913,7 @@ Node for the compliance query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -936,7 +936,7 @@ Boolean value that indicates compliance with the enterprise encryption policy fo | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -952,7 +952,7 @@ Boolean value that indicates compliance with the enterprise encryption policy fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -975,7 +975,7 @@ Node for Device Guard query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -991,7 +991,7 @@ Node for Device Guard query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1014,7 +1014,7 @@ Hypervisor Enforced Code Integrity (HVCI) status. 0 - Running, 1 - Reboot requir | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1030,7 +1030,7 @@ Hypervisor Enforced Code Integrity (HVCI) status. 0 - Running, 1 - Reboot requir | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1053,7 +1053,7 @@ Local System Authority (LSA) credential guard status. 0 - Running, 1 - Reboot re | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1069,7 +1069,7 @@ Local System Authority (LSA) credential guard status. 0 - Running, 1 - Reboot re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1092,7 +1092,7 @@ System Guard status. 0 - Running, 1 - Reboot required, 2 - Not configured, 3 - S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1108,7 +1108,7 @@ System Guard status. 0 - Running, 1 - Reboot required, 2 - Not configured, 3 - S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1131,7 +1131,7 @@ Virtualization-based security hardware requirement status. The value is a 256 va | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1147,7 +1147,7 @@ Virtualization-based security hardware requirement status. The value is a 256 va | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1170,7 +1170,7 @@ Virtualization-based security status. Value is one of the following: 0 - Running | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1186,7 +1186,7 @@ Virtualization-based security status. Value is one of the following: 0 - Running | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1209,7 +1209,7 @@ Node for DMA query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1225,7 +1225,7 @@ Node for DMA query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1248,7 +1248,7 @@ Boot DMA Protection status. 1 - Enabled, 2 - Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1264,7 +1264,7 @@ Boot DMA Protection status. 1 - Enabled, 2 - Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1287,7 +1287,7 @@ Returns the fully qualified domain name of the device(if any). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1303,7 +1303,7 @@ Returns the fully qualified domain name of the device(if any). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1326,7 +1326,7 @@ Node for the firewall query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1342,7 +1342,7 @@ Node for the firewall query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1365,7 +1365,7 @@ Integer that specifies the status of the firewall. Valid values: 0 - Firewall is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 3 | @@ -1382,7 +1382,7 @@ Integer that specifies the status of the firewall. Valid values: 0 - Firewall is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1405,7 +1405,7 @@ Node for queries on network and device properties. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1421,7 +1421,7 @@ Node for queries on network and device properties. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1444,7 +1444,7 @@ MAC address of the wireless network card. A MAC address is present for each netw | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -1461,7 +1461,7 @@ MAC address of the wireless network card. A MAC address is present for each netw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1484,7 +1484,7 @@ IPv4 address of the network card associated with the MAC address. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1500,7 +1500,7 @@ IPv4 address of the network card associated with the MAC address. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1523,7 +1523,7 @@ IPv6 address of the network card associated with the MAC address. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1539,7 +1539,7 @@ IPv6 address of the network card associated with the MAC address. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1562,7 +1562,7 @@ Boolean value that indicates whether the network card associated with the MAC ad | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -1578,7 +1578,7 @@ Boolean value that indicates whether the network card associated with the MAC ad | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1601,7 +1601,7 @@ Type of network connection. The value is one of the following: 2 - WLAN (or othe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1617,7 +1617,7 @@ Type of network connection. The value is one of the following: 2 - WLAN (or othe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1640,7 +1640,7 @@ Node for the OS query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1656,7 +1656,7 @@ Node for the OS query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1679,7 +1679,7 @@ String that specifies the OS edition. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Default Value | Not available | @@ -1696,7 +1696,7 @@ String that specifies the OS edition. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1719,7 +1719,7 @@ Read only node that specifies the device mode. Valid values: 0 - the device is i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | Not available | @@ -1736,7 +1736,7 @@ Read only node that specifies the device mode. Valid values: 0 - the device is i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1759,7 +1759,7 @@ Indicates whether secure boot is enabled. The value is one of the following: 0 - | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1775,7 +1775,7 @@ Indicates whether secure boot is enabled. The value is one of the following: 0 - | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1798,7 +1798,7 @@ Node for the TPM query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1814,7 +1814,7 @@ Node for the TPM query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1387] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1387] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1387] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1387] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later
✅ Windows 10, version 2009 [10.0.19042.1387] and later
✅ Windows 10, version 21H1 [10.0.19043.1387] and later
✅ Windows 10, version 21H2 [10.0.19044.1387] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1837,7 +1837,7 @@ String that specifies the TPM manufacturer ID as a number. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Default Value | Not available | @@ -1854,7 +1854,7 @@ String that specifies the TPM manufacturer ID as a number. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1387] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1387] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1387] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1387] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later
✅ Windows 10, version 2009 [10.0.19042.1387] and later
✅ Windows 10, version 21H1 [10.0.19043.1387] and later
✅ Windows 10, version 21H2 [10.0.19044.1387] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1877,7 +1877,7 @@ String that specifies the TPM manufacturer ID as text. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Default Value | Not available | @@ -1894,7 +1894,7 @@ String that specifies the TPM manufacturer ID as text. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1387] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1387] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1387] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1387] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later
✅ Windows 10, version 2009 [10.0.19042.1387] and later
✅ Windows 10, version 21H1 [10.0.19043.1387] and later
✅ Windows 10, version 21H2 [10.0.19044.1387] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1917,7 +1917,7 @@ String that specifies the manufacturer version. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Default Value | Not available | @@ -1934,7 +1934,7 @@ String that specifies the manufacturer version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1957,7 +1957,7 @@ String that specifies the specification version. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Default Value | Not available | @@ -1974,7 +1974,7 @@ String that specifies the specification version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1997,7 +1997,7 @@ Node for the UAC query. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2013,7 +2013,7 @@ Node for the UAC query. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2036,7 +2036,7 @@ Integer that specifies the status of the UAC. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index 8f4dd5b955..b7c8a992e9 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DevInfo CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,7 +45,7 @@ The following list shows the DevInfo configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -74,7 +74,7 @@ An unique device identifier. An application-specific global unique device identi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -90,7 +90,7 @@ An unique device identifier. An application-specific global unique device identi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -113,7 +113,7 @@ The current management client revision of the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -129,7 +129,7 @@ The current management client revision of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -152,7 +152,7 @@ Parent node for nodes extended by Microsoft. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -168,7 +168,7 @@ Parent node for nodes extended by Microsoft. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -191,7 +191,7 @@ Retrieves the ICCID of the first adapter. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -207,7 +207,7 @@ Retrieves the ICCID of the first adapter. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -230,7 +230,7 @@ Returns the current user interface (UI) language setting of the device as define | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -246,7 +246,7 @@ Returns the current user interface (UI) language setting of the device as define | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -269,7 +269,7 @@ Returns the name of the OEM. For Windows 10 for desktop editions, it returns the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -285,7 +285,7 @@ Returns the name of the OEM. For Windows 10 for desktop editions, it returns the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -308,7 +308,7 @@ Returns the name of the hardware device model as specified by the mobile operato | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 19f240cd0e..d48459cfcc 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DiagnosticLog CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -70,7 +70,7 @@ The following list shows the DiagnosticLog configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -94,7 +94,7 @@ The DeviceStateData functionality within the DiagnosticLog CSP provides extra de | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -110,7 +110,7 @@ The DeviceStateData functionality within the DiagnosticLog CSP provides extra de | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -133,7 +133,7 @@ This node is to trigger snapping of the Device Management state data with "SNAP" | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -171,7 +171,7 @@ This node is to trigger snapping of the Device Management state data with "SNAP" | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -200,7 +200,7 @@ DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an I | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -216,7 +216,7 @@ DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an I | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -323,7 +323,7 @@ Additionally, the XML may include **One or more data gathering directives, which | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get, Replace | @@ -339,7 +339,7 @@ Additionally, the XML may include **One or more data gathering directives, which | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -362,7 +362,7 @@ Pull up the results of the last archive run. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -427,7 +427,7 @@ To learn how to read the resulting data, see [How to review ArchiveResults](#how | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -456,7 +456,7 @@ The ETW log feature is designed for advanced usage, and assumes developers' fami | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -472,7 +472,7 @@ The ETW log feature is designed for advanced usage, and assumes developers' fami | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -506,7 +506,7 @@ For more information about using DiagnosticLog to collect logs remotely from a P | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -522,7 +522,7 @@ For more information about using DiagnosticLog to collect logs remotely from a P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -545,7 +545,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin" | @@ -604,7 +604,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -627,7 +627,7 @@ This node is to trigger exporting events into a log file from this node's associ | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec, Get | @@ -661,7 +661,7 @@ This node is to trigger exporting events into a log file from this node's associ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -684,7 +684,7 @@ This node is used for setting or getting the xpath query string to filter the ev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | "" | @@ -719,7 +719,7 @@ This node is used for setting or getting the xpath query string to filter the ev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -742,7 +742,7 @@ This node is used for setting or getting the 'Enabled' state of this node's asso | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -810,7 +810,7 @@ This node is used for setting or getting the 'Enabled' state of this node's asso | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -858,7 +858,7 @@ The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediat | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -890,7 +890,7 @@ To gather diagnostics using this CSP: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -913,7 +913,7 @@ Each dynamic node represents a registered 'Collector' node. CSP will maintain an | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -972,7 +972,7 @@ Each dynamic node represents a registered 'Collector' node. CSP will maintain an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -995,7 +995,7 @@ This node is used for setting or getting the trace log file size limit(in Megaby | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[1-2048]` | | Default Value | 4 | @@ -1013,7 +1013,7 @@ This node is used for setting or getting the trace log file size limit(in Megaby | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1036,7 +1036,7 @@ Root node of all providers registered in this collector node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1052,7 +1052,7 @@ Root node of all providers registered in this collector node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1075,7 +1075,7 @@ Each dynamic node represents an ETW provider registered in this collector node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: The node name must be a valid provider GUID. | @@ -1134,7 +1134,7 @@ Each dynamic node represents an ETW provider registered in this collector node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1157,7 +1157,7 @@ This node is used for setting or getting the keywords of the event provider in t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | "0" | @@ -1220,7 +1220,7 @@ This node is used for setting or getting the keywords of the event provider in t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1243,7 +1243,7 @@ This node is used for setting or getting the state of the event provider in this | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -1293,7 +1293,7 @@ Set provider State: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1316,7 +1316,7 @@ This node is used for setting or getting the trace level of this event provider | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 5 | @@ -1369,7 +1369,7 @@ Set provider TraceLevel: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1392,7 +1392,7 @@ This node is to trigger "start" and "stop" of this collector node's associated t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -1466,7 +1466,7 @@ After you've added a logging task, you can start/stop a trace by running an Exec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1489,7 +1489,7 @@ This node is used for setting or getting the trace log file mode of this collect | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | @@ -1515,7 +1515,7 @@ This node is used for setting or getting the trace log file mode of this collect | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1538,7 +1538,7 @@ This node is used for getting the status of this collector node's associated tra | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1554,7 +1554,7 @@ This node is used for getting the status of this collector node's associated tra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1589,7 +1589,7 @@ The FileDownload feature of the DiagnosticLog CSP enables a management server to | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1605,7 +1605,7 @@ The FileDownload feature of the DiagnosticLog CSP enables a management server to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1628,7 +1628,7 @@ Root node of all csp nodes that are used for controlling file download for their | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1644,7 +1644,7 @@ Root node of all csp nodes that are used for controlling file download for their | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1667,7 +1667,7 @@ Each dynamic node represents a 'FileContext' node corresponding to a log file ge | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | UniqueName: The node name must be the name of a registered 'Provider', 'Collector' or 'Channel' node. | @@ -1684,7 +1684,7 @@ Each dynamic node represents a 'FileContext' node corresponding to a log file ge | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1707,7 +1707,7 @@ This node is used for getting the total number of blocks for the associated log | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1741,7 +1741,7 @@ This node is used for getting the total number of blocks for the associated log | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1764,7 +1764,7 @@ This node is used to get the binary data of the block that 'BlockIndexToRead' no | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get | @@ -1798,7 +1798,7 @@ This node is used to get the binary data of the block that 'BlockIndexToRead' no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1868,7 +1868,7 @@ This node is used for setting and getting the block index that points to the dat | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -1884,7 +1884,7 @@ This node is used for setting and getting the block index that points to the dat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1907,7 +1907,7 @@ This node is used for setting or getting the block size (in Kilobytes) for the d | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[1-16]` | | Default Value | 4 | @@ -1968,7 +1968,7 @@ This node is used for setting or getting the block size (in Kilobytes) for the d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1991,7 +1991,7 @@ Root node of all 'BlockNumber' nodes for the associated log file. The number of | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2007,7 +2007,7 @@ Root node of all 'BlockNumber' nodes for the associated log file. The number of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2030,7 +2030,7 @@ Each dynamic node represents a 'BlockNumber' node. The node name is an integer e | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -2047,7 +2047,7 @@ Each dynamic node represents a 'BlockNumber' node. The node name is an integer e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2071,7 +2071,7 @@ This can be used to configure Windows event log policies, such as maximum log si | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2087,7 +2087,7 @@ This can be used to configure Windows event log policies, such as maximum log si | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2110,7 +2110,7 @@ Contains policy for Event Log channel settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2126,7 +2126,7 @@ Contains policy for Event Log channel settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2149,7 +2149,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: The node name must be a valid Windows event log channel name, such as Microsoft-Client-Licensing-Platform%2FAdmin. When specifying the name in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI. | @@ -2231,7 +2231,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2255,7 +2255,7 @@ If you disable or don't configure this policy setting, the locally configured va | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2372,7 +2372,7 @@ If you disable or don't configure this policy setting, the locally configured va | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2396,7 +2396,7 @@ If you disable or don't configure this policy setting, the locally configured va | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -2512,7 +2512,7 @@ If you disable or don't configure this policy setting, the locally configured va | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2537,7 +2537,7 @@ Maximum size of the channel log file in MB. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-2000000]` | | Default Value | 1 | @@ -2646,7 +2646,7 @@ Maximum size of the channel log file in MB. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2669,7 +2669,7 @@ SDDL String controlling access to the channel. For more information, see [Channe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Case Sensitive | True | diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 838664e59a..6791909bda 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -73,7 +73,7 @@ The following list shows the DMAcc configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -97,7 +97,7 @@ node is generated from the 256-bit version of SHA-2 hash of the w7 PROVIDER-ID p | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -114,7 +114,7 @@ node is generated from the 256-bit version of SHA-2 hash of the w7 PROVIDER-ID p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -137,7 +137,7 @@ Specifies the application authentication preference. Supported values: BASIC, DI | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -162,7 +162,7 @@ Specifies the application authentication preference. Supported values: BASIC, DI | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -185,7 +185,7 @@ Interior node for DM server address. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -201,7 +201,7 @@ Interior node for DM server address. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -224,7 +224,7 @@ Defines the OMA DM server address. Only one server address can be configured. Wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | | Dynamic Node Naming | ClientInventory | @@ -241,7 +241,7 @@ Defines the OMA DM server address. Only one server address can be configured. Wh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -264,7 +264,7 @@ Specifies the address of the OMA DM account. The type of address stored is speci | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -280,7 +280,7 @@ Specifies the address of the OMA DM account. The type of address stored is speci | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -303,7 +303,7 @@ Specifies the format and interpretation of the Addr node value. The default is " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Default Value | URI | @@ -329,7 +329,7 @@ Specifies the format and interpretation of the Addr node value. The default is " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -352,7 +352,7 @@ Interior node for port information. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -368,7 +368,7 @@ Interior node for port information. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -391,7 +391,7 @@ Only one port number can be configured. When mapping the [w7 APPLICATION](w7-app | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -408,7 +408,7 @@ Only one port number can be configured. When mapping the [w7 APPLICATION](w7-app | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -431,7 +431,7 @@ Specifies the port number of the OMA MD account address. This must be a decimal | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -447,7 +447,7 @@ Specifies the port number of the OMA MD account address. This must be a decimal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -470,7 +470,7 @@ Defines authentication settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -486,7 +486,7 @@ Defines authentication settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -509,7 +509,7 @@ Defines one set of authentication settings. When mapping the [w7 APPLICATION](w7 | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | | Dynamic Node Naming | ClientInventory | @@ -526,7 +526,7 @@ Defines one set of authentication settings. When mapping the [w7 APPLICATION](w7 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -549,7 +549,7 @@ Specifies the next nonce used for authentication. "Nonce" refers to a number use | Property name | Property value | |:--|:--| -| Format | bin | +| Format | `bin` | | Access Type | Add, Replace | @@ -565,7 +565,7 @@ Specifies the next nonce used for authentication. "Nonce" refers to a number use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -588,7 +588,7 @@ Specifies the application authentication level. A value of "CLCRED" indicates th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -613,7 +613,7 @@ Specifies the application authentication level. A value of "CLCRED" indicates th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -636,7 +636,7 @@ Specifies the authentication name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -652,7 +652,7 @@ Specifies the authentication name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -675,7 +675,7 @@ Specifies the password or secret used for authentication. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Replace | @@ -691,7 +691,7 @@ Specifies the password or secret used for authentication. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -714,7 +714,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
| @@ -740,7 +740,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -763,7 +763,7 @@ Specifies the application identifier for the OMA DM account.. The only supported | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Default Value | w7 | @@ -788,7 +788,7 @@ Specifies the application identifier for the OMA DM account.. The only supported | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -811,7 +811,7 @@ Defines a set of extended parameters. This element holds vendor-specific informa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -827,7 +827,7 @@ Defines a set of extended parameters. This element holds vendor-specific informa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -850,7 +850,7 @@ Defines a set of Microsoft-specific extended parameters. This element is created | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -866,7 +866,7 @@ Defines a set of Microsoft-specific extended parameters. This element is created | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -892,7 +892,7 @@ true -- Compatibility with down-level servers is disabled. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | 0 | @@ -918,7 +918,7 @@ true -- Compatibility with down-level servers is disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -941,7 +941,7 @@ This node specifies how many times DM client will retry a connection to the serv | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | | Default Value | 3 | @@ -958,7 +958,7 @@ This node specifies how many times DM client will retry a connection to the serv | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -981,7 +981,7 @@ Allows connection to the DM server to check the Certificate Revocation List (CRL | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | @@ -1006,7 +1006,7 @@ Allows connection to the DM server to check the Certificate Revocation List (CRL | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1030,7 +1030,7 @@ This node specifies the encoding that the OMA-DM client will use to encode its f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1055,7 +1055,7 @@ This node specifies the encoding that the OMA-DM client will use to encode its f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1078,7 +1078,7 @@ Determines whether the OMA DM client should be launched when roaming. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | @@ -1103,7 +1103,7 @@ Determines whether the OMA DM client should be launched when roaming. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1127,7 +1127,7 @@ time grows exponentially. The default value is 16000 milliseconds. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | | Default Value | 16000 | @@ -1144,7 +1144,7 @@ time grows exponentially. The default value is 16000 milliseconds. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1167,7 +1167,7 @@ When this node is added, a session is started with the MDM server. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Replace | @@ -1183,7 +1183,7 @@ When this node is added, a session is started with the MDM server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1206,7 +1206,7 @@ This node specifies the maximum number of milliseconds to wait before attempting | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | | Default Value | 86400000 | @@ -1223,7 +1223,7 @@ This node specifies the maximum number of milliseconds to wait before attempting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1248,7 +1248,7 @@ The protocol version set by this element will match the protocol version that th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1273,7 +1273,7 @@ The protocol version set by this element will match the protocol version that th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1298,7 +1298,7 @@ The acceptable access roles for this node can't be more than the roles assigned | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -1325,7 +1325,7 @@ The acceptable access roles for this node can't be more than the roles assigned | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1352,7 +1352,7 @@ The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certific | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1368,7 +1368,7 @@ The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1393,7 +1393,7 @@ the UUID of the device. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | 0 | @@ -1419,7 +1419,7 @@ the UUID of the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1446,7 +1446,7 @@ true: Nonce resynchronization is enabled. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | 0 | @@ -1472,7 +1472,7 @@ true: Nonce resynchronization is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1495,7 +1495,7 @@ Specifies the display name of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1511,7 +1511,7 @@ Specifies the display name of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1535,7 +1535,7 @@ will use the default connection provided by connection manager. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1551,7 +1551,7 @@ will use the default connection provided by connection manager. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1574,7 +1574,7 @@ Specifies the OMA DM server's unique identifier for the current OMA DM account. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 4b4fbefe7c..a5dbfdc64f 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -143,7 +143,7 @@ The following list shows the DMClient configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -166,7 +166,7 @@ Returns the hardware device ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -182,7 +182,7 @@ Returns the hardware device ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -205,7 +205,7 @@ The root node for all settings that belong to a single management server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -221,7 +221,7 @@ The root node for all settings that belong to a single management server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -244,7 +244,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -261,7 +261,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -284,7 +284,7 @@ Device ID used for AAD device registration. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -300,7 +300,7 @@ Device ID used for AAD device registration. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -324,7 +324,7 @@ For more information about Azure AD enrollment, see [Azure Active Directory inte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -340,7 +340,7 @@ For more information about Azure AD enrollment, see [Azure Active Directory inte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -363,7 +363,7 @@ For Azure AD backed enrollments, this will cause the client to send a Device Tok | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -388,7 +388,7 @@ For Azure AD backed enrollments, this will cause the client to send a Device Tok | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -411,7 +411,7 @@ The time in OMA DM standard time format. This node is designed to reduce the ris | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -427,7 +427,7 @@ The time in OMA DM standard time format. This node is designed to reduce the ris | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -450,7 +450,7 @@ Configures the identifier used to uniquely associate this diagnostic data of thi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -466,7 +466,7 @@ Configures the identifier used to uniquely associate this diagnostic data of thi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -492,7 +492,7 @@ This node enables [Config Lock](../config-lock.md) feature. If enabled, policies | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -508,7 +508,7 @@ This node enables [Config Lock](../config-lock.md) feature. If enabled, policies | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -531,7 +531,7 @@ This node specifies how the client will perform the lock mode for SecureCore PC. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -557,7 +557,7 @@ This node specifies how the client will perform the lock mode for SecureCore PC. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -580,7 +580,7 @@ The node returns the boolean value whether the device is a SecureCore PC. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -596,7 +596,7 @@ The node returns the boolean value whether the device is a SecureCore PC. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -619,7 +619,7 @@ This node, when it is set, tells the client to set how many minutes the device s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 480 | @@ -636,7 +636,7 @@ This node, when it is set, tells the client to set how many minutes the device s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -659,7 +659,7 @@ Parent node for ConfigRefresh nodes. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -675,7 +675,7 @@ Parent node for ConfigRefresh nodes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -698,7 +698,7 @@ This node determines the number of minutes between refreshes. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[30-1440]` | | Default Value | 90 | @@ -716,7 +716,7 @@ This node determines the number of minutes between refreshes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -739,7 +739,7 @@ This node determines whether or not a periodic settings refresh for MDM policies | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -765,7 +765,7 @@ This node determines whether or not a periodic settings refresh for MDM policies | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -788,7 +788,7 @@ This node determines the number of minutes ConfigRefresh should be paused for. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1440]` | | Default Value | 0 | @@ -806,7 +806,7 @@ This node determines the number of minutes ConfigRefresh should be paused for. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -829,7 +829,7 @@ These nodes provision custom text for the enrollment page. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -845,7 +845,7 @@ These nodes provision custom text for the enrollment page. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -868,7 +868,7 @@ Specifies the body text of the all done page that appears at the end of the MDM | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -884,7 +884,7 @@ Specifies the body text of the all done page that appears at the end of the MDM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -907,7 +907,7 @@ Specifies the URL that is shown at the end of the MDM enrollment flow. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -923,7 +923,7 @@ Specifies the URL that is shown at the end of the MDM enrollment flow. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -946,7 +946,7 @@ Specifies the display text for the URL that is shown at the end of the MDM enrol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -962,7 +962,7 @@ Specifies the display text for the URL that is shown at the end of the MDM enrol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -985,7 +985,7 @@ Specifies the title of the all done page that appears at the end of the MDM enro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1001,7 +1001,7 @@ Specifies the title of the all done page that appears at the end of the MDM enro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1024,7 +1024,7 @@ A boolean value that specifies whether the DM client should send out a request p | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -1082,7 +1082,7 @@ Here's an example of DM message sent by the device when it's in pending state: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1104,7 +1104,7 @@ Here's an example of DM message sent by the device when it's in pending state: | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1120,7 +1120,7 @@ Here's an example of DM message sent by the device when it's in pending state: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1143,7 +1143,7 @@ The node contains the primary certificate - the public key to use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1159,7 +1159,7 @@ The node contains the primary certificate - the public key to use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1182,7 +1182,7 @@ The node contains the secondary certificate - the public key to use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1198,7 +1198,7 @@ The node contains the secondary certificate - the public key to use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1221,7 +1221,7 @@ This node specifies how the client will perform the app layer signing and encryp | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1249,7 +1249,7 @@ This node specifies how the client will perform the app layer signing and encryp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1272,7 +1272,7 @@ This node, when it is set, tells the client to use the certificate even when the | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -1298,7 +1298,7 @@ This node, when it is set, tells the client to use the certificate even when the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1321,7 +1321,7 @@ Type of MDM enrollment (Device or Full). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1337,7 +1337,7 @@ Type of MDM enrollment (Device or Full). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1360,7 +1360,7 @@ Character string that contains the user-friendly device name used by the IT admi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1376,7 +1376,7 @@ Character string that contains the user-friendly device name used by the IT admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1401,7 +1401,7 @@ Character string that contains the unique enterprise device ID. The value is set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1417,7 +1417,7 @@ Character string that contains the unique enterprise device ID. The value is set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1442,7 +1442,7 @@ Character string that contains the unique Exchange device ID used by the Outlook | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1470,7 +1470,7 @@ Character string that contains the unique Exchange device ID used by the Outlook | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1492,7 +1492,7 @@ Character string that contains the unique Exchange device ID used by the Outlook | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -1508,7 +1508,7 @@ Character string that contains the unique Exchange device ID used by the Outlook | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1531,7 +1531,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -1557,7 +1557,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1580,7 +1580,7 @@ Device Only. This node determines whether or not the MDM progress page is blocki | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -1608,7 +1608,7 @@ Device Only. This node determines whether or not the MDM progress page is blocki | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1631,7 +1631,7 @@ This node allows the MDM to set custom error text, detailing what the user needs | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1647,7 +1647,7 @@ This node allows the MDM to set custom error text, detailing what the user needs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1670,7 +1670,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1687,7 +1687,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1710,7 +1710,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1727,7 +1727,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1750,7 +1750,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1767,7 +1767,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1790,7 +1790,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1807,7 +1807,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1830,7 +1830,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1847,7 +1847,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1870,7 +1870,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -1887,7 +1887,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1910,7 +1910,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1935,7 +1935,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1958,7 +1958,7 @@ This node is set by the server to inform the UX that the server has finished pro | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1983,7 +1983,7 @@ This node is set by the server to inform the UX that the server has finished pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2006,7 +2006,7 @@ Device only. This node decides whether or not the MDM device progress page skips | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -2032,7 +2032,7 @@ Device only. This node decides whether or not the MDM device progress page skips | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2055,7 +2055,7 @@ Device only. This node decides whether or not the MDM user progress page skips a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -2081,7 +2081,7 @@ Device only. This node decides whether or not the MDM user progress page skips a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2104,7 +2104,7 @@ This node determines how long we will poll until we surface an error message to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[1-1440]` | | Default Value | 60 | @@ -2122,7 +2122,7 @@ This node determines how long we will poll until we surface an error message to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2145,7 +2145,7 @@ Integer node determining if a Device was Successfully provisioned. 0 is failure, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -2171,7 +2171,7 @@ Integer node determining if a Device was Successfully provisioned. 0 is failure, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1766] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1766] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1766] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.739] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1766] and later
✅ Windows 10, version 21H1 [10.0.19043.1766] and later
✅ Windows 10, version 21H2 [10.0.19044.1766] and later
✅ Windows 11, version 21H2 [10.0.22000.739] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2194,7 +2194,7 @@ Force device to send device AAD token during check-in as a separate header. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -2222,7 +2222,7 @@ Force device to send device AAD token during check-in as a separate header. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2245,7 +2245,7 @@ The character string that allows the user experience to include a customized hel | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2261,7 +2261,7 @@ The character string that allows the user experience to include a customized hel | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2284,7 +2284,7 @@ The character string that allows the user experience to include a customized hel | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2300,7 +2300,7 @@ The character string that allows the user experience to include a customized hel | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2323,7 +2323,7 @@ The character string that allows the user experience to include a customized hel | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2339,7 +2339,7 @@ The character string that allows the user experience to include a customized hel | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2362,7 +2362,7 @@ Returns the hardware device ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2378,7 +2378,7 @@ Returns the hardware device ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2401,7 +2401,7 @@ The interior node for linked enrollment. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2417,7 +2417,7 @@ The interior node for linked enrollment. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2441,7 +2441,7 @@ This is an execution node and will trigger a silent MMP-C enrollment, using the | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -2457,7 +2457,7 @@ This is an execution node and will trigger a silent MMP-C enrollment, using the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2480,7 +2480,7 @@ Returns the current enrollment or un-enrollment status of the linked enrollment. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2512,7 +2512,7 @@ Returns the current enrollment or un-enrollment status of the linked enrollment. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2535,7 +2535,7 @@ return the last error for enroll/unenroll. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2551,7 +2551,7 @@ return the last error for enroll/unenroll. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2574,7 +2574,7 @@ Optional. Allowed value is 0 or 1. 0 means the main enrollment has authority for | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2599,7 +2599,7 @@ Optional. Allowed value is 0 or 1. 0 means the main enrollment has authority for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.2193] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.2193] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.2193] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.918] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later
✅ Windows 10, version 21H1 [10.0.19043.2193] and later
✅ Windows 10, version 21H2 [10.0.19044.2193] and later
✅ Windows 11, version 21H2 [10.0.22000.918] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2623,7 +2623,7 @@ This is an execution node and will trigger a silent MMP-C unenroll, there is no | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -2639,7 +2639,7 @@ This is an execution node and will trigger a silent MMP-C unenroll, there is no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2662,7 +2662,7 @@ The list of management server URLs in the format `` `` ``, and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -2693,7 +2693,7 @@ The list of management server URLs in the format `` `` ``, and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2716,7 +2716,7 @@ Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2732,7 +2732,7 @@ Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2757,7 +2757,7 @@ The character string that contains the device management server address. It can | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Dependency [ManageServerAddressListBlock] | Dependency Type: `Not`
Dependency URI: `Device/Vendor/MSFT/DMClient/Provider/[ProviderID]/ManagementServerAddressList`
Dependency Allowed Value Type: `None`
| @@ -2774,7 +2774,7 @@ The character string that contains the device management server address. It can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2797,7 +2797,7 @@ Used by the client to indicate the latest DM session version that it supports. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2813,7 +2813,7 @@ Used by the client to indicate the latest DM session version that it supports. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2837,7 +2837,7 @@ Used by the client to indicate the latest DM session version that it supports. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2853,7 +2853,7 @@ Used by the client to indicate the latest DM session version that it supports. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2878,7 +2878,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2894,7 +2894,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2919,7 +2919,7 @@ Optional. Maximum number of concurrent user sync sessions at User Login. Default | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2935,7 +2935,7 @@ Optional. Maximum number of concurrent user sync sessions at User Login. Default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2960,7 +2960,7 @@ Optional. Maximum number of concurrent user sync sessions in background. Default | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2976,7 +2976,7 @@ Optional. Maximum number of concurrent user sync sessions in background. Default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3001,7 +3001,7 @@ The number of times the DM client should retry connecting to the server when the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3017,7 +3017,7 @@ The number of times the DM client should retry connecting to the server when the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3040,7 +3040,7 @@ Number of days after last successful sync to unenroll. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3056,7 +3056,7 @@ Number of days after last successful sync to unenroll. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3079,7 +3079,7 @@ Polling schedules must utilize the DMClient CSP. The Registry paths previously a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -3095,7 +3095,7 @@ Polling schedules must utilize the DMClient CSP. The Registry paths previously a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3118,7 +3118,7 @@ Boolean value that allows the IT admin to require the device to start a manageme | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3144,7 +3144,7 @@ Boolean value that allows the IT admin to require the device to start a manageme | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3167,7 +3167,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3183,7 +3183,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3206,7 +3206,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3222,7 +3222,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3245,7 +3245,7 @@ The waiting time (in minutes) for the second set of retries as specified by the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3261,7 +3261,7 @@ The waiting time (in minutes) for the second set of retries as specified by the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3284,7 +3284,7 @@ The number of times the DM client should retry to connect to the server when the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3300,7 +3300,7 @@ The number of times the DM client should retry to connect to the server when the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3323,7 +3323,7 @@ The number of times the DM client should retry connecting to the server when the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3339,7 +3339,7 @@ The number of times the DM client should retry connecting to the server when the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3362,7 +3362,7 @@ The number of times the DM client should retry a second round of connecting to t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3378,7 +3378,7 @@ The number of times the DM client should retry a second round of connecting to t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3401,7 +3401,7 @@ Boolean value that allows the IT admin to require the device to start a manageme | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3427,7 +3427,7 @@ Boolean value that allows the IT admin to require the device to start a manageme | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3450,7 +3450,7 @@ The PublisherDeviceID is a device-unique ID created based on the enterprise Publ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3466,7 +3466,7 @@ The PublisherDeviceID is a device-unique ID created based on the enterprise Publ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3489,7 +3489,7 @@ Not configurable during WAP Provisioning XML. If removed, DM sessions triggered | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -3505,7 +3505,7 @@ Not configurable during WAP Provisioning XML. If removed, DM sessions triggered | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3528,7 +3528,7 @@ A string that contains the channel that the WNS client has negotiated for the OM | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3544,7 +3544,7 @@ A string that contains the channel that the WNS client has negotiated for the OM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3567,7 +3567,7 @@ A string provided by the Windows 10 ecosystem for an MDM solution. Used to regis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3583,7 +3583,7 @@ A string provided by the Windows 10 ecosystem for an MDM solution. Used to regis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3606,7 +3606,7 @@ An integer that maps to a known error state or condition on the system. Valid va | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3622,7 +3622,7 @@ An integer that maps to a known error state or condition on the system. Valid va | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3645,7 +3645,7 @@ Parent node for Recovery nodes. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3661,7 +3661,7 @@ Parent node for Recovery nodes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3684,7 +3684,7 @@ This node determines whether or not the client will automatically initiate a MDM | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -3710,7 +3710,7 @@ This node determines whether or not the client will automatically initiate a MDM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3733,7 +3733,7 @@ This node initiates a recovery action. The server can specify prerequisites befo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Exec | | Default Value | 0 | @@ -3759,7 +3759,7 @@ This node initiates a recovery action. The server can specify prerequisites befo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1165] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3782,7 +3782,7 @@ This node tracks the status of a Recovery request from the InitiateRecovery node | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -3799,7 +3799,7 @@ This node tracks the status of a Recovery request from the InitiateRecovery node | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3822,7 +3822,7 @@ Primarily used for SSL bridging mode where firewalls and proxies are deployed an | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3848,7 +3848,7 @@ Primarily used for SSL bridging mode where firewalls and proxies are deployed an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3871,7 +3871,7 @@ Character string that contains the device ID. This node and the nodes CertRenewT | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3887,7 +3887,7 @@ Character string that contains the device ID. This node and the nodes CertRenewT | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3912,7 +3912,7 @@ Used by the management server to set the DM session version that the server and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^(\d\.)?(\d)$` | | Default Value | 1.0 | @@ -3930,7 +3930,7 @@ Used by the management server to set the DM session version that the server and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3955,7 +3955,7 @@ The node accepts unenrollment requests by way of the OMA DM Exec command and cal | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec, Get | @@ -3990,7 +3990,7 @@ The following SyncML shows how to remotely unenroll the device. This command sho | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -4013,7 +4013,7 @@ Allows the management server to update the User Principal Name (UPN) of the enro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -4029,7 +4029,7 @@ Allows the management server to update the User Principal Name (UPN) of the enro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -4052,7 +4052,7 @@ The node accepts unenrollment requests by way of the OMA DM Exec command and cal | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec, Get | @@ -4068,7 +4068,7 @@ The node accepts unenrollment requests by way of the OMA DM Exec command and cal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -4091,7 +4091,7 @@ For provisioning packages only. Specifies the list of servers (semicolon delimit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4108,7 +4108,7 @@ For provisioning packages only. Specifies the list of servers (semicolon delimit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -4131,7 +4131,7 @@ The root node for all settings that belong to a single management server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4147,7 +4147,7 @@ The root node for all settings that belong to a single management server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -4170,7 +4170,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -4187,7 +4187,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4209,7 +4209,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -4225,7 +4225,7 @@ This node contains the URI-encoded value of the bootstrapped device management a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -4248,7 +4248,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -4274,7 +4274,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -4297,7 +4297,7 @@ This node allows the MDM to set custom error text, detailing what the user needs | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -4313,7 +4313,7 @@ This node allows the MDM to set custom error text, detailing what the user needs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4336,7 +4336,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4353,7 +4353,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4376,7 +4376,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4393,7 +4393,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4416,7 +4416,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4433,7 +4433,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4456,7 +4456,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4473,7 +4473,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4496,7 +4496,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4513,7 +4513,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4536,7 +4536,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `\xF000`) | @@ -4553,7 +4553,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4576,7 +4576,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -4601,7 +4601,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4624,7 +4624,7 @@ This node is set by the server to inform the UX that the server has finished pro | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -4649,7 +4649,7 @@ This node is set by the server to inform the UX that the server has finished pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4672,7 +4672,7 @@ Integer node determining if a Device was Successfully provisioned. 0 is failure, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index 877d121472..3bae4eda3c 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the EMAIL2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -72,7 +72,7 @@ The following list shows the EMAIL2 configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -101,7 +101,7 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -119,7 +119,7 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -142,7 +142,7 @@ The location of the icon associated with the account. The account icon can be us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -158,7 +158,7 @@ The location of the icon associated with the account. The account icon can be us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -181,7 +181,7 @@ Specifies the type of account. Valid values are: Email - normal email, VVM - vis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -206,7 +206,7 @@ Specifies the type of account. Valid values are: Email - normal email, VVM - vis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -229,7 +229,7 @@ Character string that specifies the name used to authorize the user to a specifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -245,7 +245,7 @@ Character string that specifies the name used to authorize the user to a specifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -273,7 +273,7 @@ Character string that specifies whether the outgoing server requires authenticat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -298,7 +298,7 @@ Character string that specifies whether the outgoing server requires authenticat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -321,7 +321,7 @@ Character string that specifies the user's password. The same password is used f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -337,7 +337,7 @@ Character string that specifies the user's password. The same password is used f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -360,7 +360,7 @@ Server for calendar sync if it is different from the email server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -376,7 +376,7 @@ Server for calendar sync if it is different from the email server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -399,7 +399,7 @@ Indicates if the connection to the calendar server requires SSL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -415,7 +415,7 @@ Indicates if the connection to the calendar server requires SSL. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -438,7 +438,7 @@ Sets the schedule for syncing calendar items. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -454,7 +454,7 @@ Sets the schedule for syncing calendar items. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -477,7 +477,7 @@ If this flag is set, the account only uses the cellular network and not Wi-Fi. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -493,7 +493,7 @@ If this flag is set, the account only uses the cellular network and not Wi-Fi. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -516,7 +516,7 @@ Server for contact sync if it is different from the email server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -532,7 +532,7 @@ Server for contact sync if it is different from the email server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -555,7 +555,7 @@ Indicates if the connection to the contact server requires SSL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -571,7 +571,7 @@ Indicates if the connection to the contact server requires SSL. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -594,7 +594,7 @@ Sets the schedule for syncing contact items. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -610,7 +610,7 @@ Sets the schedule for syncing contact items. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -633,7 +633,7 @@ Character string that specifies the incoming server credentials domain. Limited | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -649,7 +649,7 @@ Character string that specifies the incoming server credentials domain. Limited | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -672,7 +672,7 @@ Character string that specifies how many days' worth of email should be download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -700,7 +700,7 @@ Character string that specifies how many days' worth of email should be download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -723,7 +723,7 @@ Character string that specifies how many days' worth of email should be download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -739,7 +739,7 @@ Character string that specifies how many days' worth of email should be download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -762,7 +762,7 @@ Specifies the maximum size for a message attachment. Attachments beyond this siz | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -791,7 +791,7 @@ Specifies the maximum size for a message attachment. Attachments beyond this siz | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -814,7 +814,7 @@ Character string that specifies the length of time between email send/receive up | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[(-1)-2147483647]` | | Default Value | 15 | @@ -832,7 +832,7 @@ Character string that specifies the length of time between email send/receive up | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -855,7 +855,7 @@ Character string that specifies the name of the sender displayed on a sent email | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -871,7 +871,7 @@ Character string that specifies the name of the sender displayed on a sent email | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -894,7 +894,7 @@ Character string that specifies the name of the messaging service's outgoing ema | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -910,7 +910,7 @@ Character string that specifies the name of the messaging service's outgoing ema | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -933,7 +933,7 @@ Character string that specifies the reply email address of the user (usually the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -949,7 +949,7 @@ Character string that specifies the reply email address of the user (usually the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -972,7 +972,7 @@ Specifies the maximum size in bytes for messages retrieved from the incoming ema | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[(-1)-2147483647]` | @@ -989,7 +989,7 @@ Specifies the maximum size in bytes for messages retrieved from the incoming ema | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1012,7 +1012,7 @@ Character string that specifies how message is deleted on server. The default ac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1037,7 +1037,7 @@ Character string that specifies how message is deleted on server. The default ac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1060,7 +1060,7 @@ Character string that specifies the name of the email service to create or edit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1078,7 +1078,7 @@ Character string that specifies the name of the email service to create or edit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1103,7 +1103,7 @@ Character string that specifies the type of email service to create or edit (for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1119,7 +1119,7 @@ Character string that specifies the type of email service to create or edit (for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1142,7 +1142,7 @@ Character string that specifies the display name associated with the user's alte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1158,7 +1158,7 @@ Character string that specifies the display name associated with the user's alte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1181,7 +1181,7 @@ Character string that specifies the domain name for the user's alternative SMTP | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1197,7 +1197,7 @@ Character string that specifies the domain name for the user's alternative SMTP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1220,7 +1220,7 @@ Character string that specifies if the user's alternate SMTP account is enabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1245,7 +1245,7 @@ Character string that specifies if the user's alternate SMTP account is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1268,7 +1268,7 @@ Character string that specifies the password for the user's alternate SMTP accou | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1284,7 +1284,7 @@ Character string that specifies the password for the user's alternate SMTP accou | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1307,7 +1307,7 @@ Specifies a bitmask for which content types are supported for syncing (eg: Mail, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1343,7 +1343,7 @@ Specifies a bitmask for which content types are supported for syncing (eg: Mail, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1366,7 +1366,7 @@ Specifies that stated parameter element name attributes is nonstandard tag prope | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -1382,7 +1382,7 @@ Specifies that stated parameter element name attributes is nonstandard tag prope | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1405,7 +1405,7 @@ Character string that specifies if the incoming email server requires SSL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1430,7 +1430,7 @@ Character string that specifies if the incoming email server requires SSL. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1453,7 +1453,7 @@ Character string that specifies if the outgoing email server requires SSL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 394eabf465..49e9c5e78f 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -4,7 +4,7 @@ description: Learn more about the EnterpriseDesktopAppManagement CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/27/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -62,7 +62,7 @@ The following list shows the EnterpriseDesktopAppManagement configuration servic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -85,7 +85,7 @@ Product Type is MSI. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -101,7 +101,7 @@ Product Type is MSI. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -124,7 +124,7 @@ The MSI product code for the application. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Atomic Required | True | | Dynamic Node Naming | UniqueName: The MSI product code for the application. | @@ -142,7 +142,7 @@ The MSI product code for the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -178,7 +178,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -194,7 +194,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -217,7 +217,7 @@ Installation date of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -233,7 +233,7 @@ Installation date of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -256,7 +256,7 @@ Installation path of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -272,7 +272,7 @@ Installation path of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -295,7 +295,7 @@ The last error code during the application installation process. This is typical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -311,7 +311,7 @@ The last error code during the application installation process. This is typical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -334,7 +334,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -350,7 +350,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -373,7 +373,7 @@ Name of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -389,7 +389,7 @@ Name of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -412,7 +412,7 @@ Publisher of application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -428,7 +428,7 @@ Publisher of application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -451,7 +451,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -467,7 +467,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -490,7 +490,7 @@ MSI Product Version. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -506,7 +506,7 @@ MSI Product Version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -528,7 +528,7 @@ MSI Product Version. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Case Sensitive | True | @@ -545,7 +545,7 @@ MSI Product Version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -568,7 +568,7 @@ A gateway (or device management server) uses this method to detect matching upgr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -585,7 +585,7 @@ A gateway (or device management server) uses this method to detect matching upgr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -608,7 +608,7 @@ Product Type is MSI. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -624,7 +624,7 @@ Product Type is MSI. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -647,7 +647,7 @@ The MSI product code for the application. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Atomic Required | True | | Dynamic Node Naming | UniqueName: The MSI product code for the application. | @@ -665,7 +665,7 @@ The MSI product code for the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -701,7 +701,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -717,7 +717,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -740,7 +740,7 @@ Installation date of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -756,7 +756,7 @@ Installation date of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -779,7 +779,7 @@ Installation path of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -795,7 +795,7 @@ Installation path of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -818,7 +818,7 @@ The last error code during the application installation process. This is typical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -834,7 +834,7 @@ The last error code during the application installation process. This is typical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -857,7 +857,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -873,7 +873,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -896,7 +896,7 @@ Name of the application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -912,7 +912,7 @@ Name of the application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -935,7 +935,7 @@ Publisher of application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -951,7 +951,7 @@ Publisher of application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -974,7 +974,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -990,7 +990,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1013,7 +1013,7 @@ MSI Product Version. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1029,7 +1029,7 @@ MSI Product Version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1051,7 +1051,7 @@ MSI Product Version. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Case Sensitive | True | @@ -1068,7 +1068,7 @@ MSI Product Version. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1091,7 +1091,7 @@ A gateway (or device management server) uses this method to detect matching upgr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | | Dynamic Node Naming | ClientInventory | diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 9d5ec3342a..255c2497a4 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -4,7 +4,7 @@ description: Learn more about the EnterpriseModernAppManagement CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -259,7 +259,7 @@ The following list shows the EnterpriseModernAppManagement configuration service | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -283,7 +283,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -299,7 +299,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -326,7 +326,7 @@ This is an optional node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: Package family name (PFN) of the app. | @@ -363,7 +363,7 @@ Here's an example for uninstalling an app: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -398,7 +398,7 @@ This is a required node. The following list shows the supported deployment optio | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -414,7 +414,7 @@ This is a required node. The following list shows the supported deployment optio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -439,7 +439,7 @@ Last error relating to the app installation. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -455,7 +455,7 @@ Last error relating to the app installation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -480,7 +480,7 @@ Description of last error relating to the app installation. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -496,7 +496,7 @@ Description of last error relating to the app installation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -521,7 +521,7 @@ An integer the indicates the progress of the app installation. For https locatio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -537,7 +537,7 @@ An integer the indicates the progress of the app installation. For https locatio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -562,7 +562,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -578,7 +578,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -601,7 +601,7 @@ Command to perform an install of an app and a license from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -617,7 +617,7 @@ Command to perform an install of an app and a license from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -640,7 +640,7 @@ Used to manage licenses for app scenarios. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -656,7 +656,7 @@ Used to manage licenses for app scenarios. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -680,7 +680,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -696,7 +696,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -720,7 +720,7 @@ This is an optional node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: License ID for a store installed app. The license ID is generally the PFN of the app. | @@ -737,7 +737,7 @@ This is an optional node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -761,7 +761,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec | @@ -777,7 +777,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -801,7 +801,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec | @@ -817,7 +817,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -840,7 +840,7 @@ Category of license that is used to classify various license sources. Valid valu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -856,7 +856,7 @@ Category of license that is used to classify various license sources. Valid valu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -879,7 +879,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -895,7 +895,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -918,7 +918,7 @@ Identifier for the entity that requested the license, such as the client who acq | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -934,7 +934,7 @@ Identifier for the entity that requested the license, such as the client who acq | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -958,7 +958,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -974,7 +974,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1026,7 +1026,7 @@ This is a required node. Query parameters: | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get, Replace | @@ -1058,7 +1058,7 @@ The following example sets the inventory query for the package names and checks | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1082,7 +1082,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get | @@ -1112,7 +1112,7 @@ Here's an example of AppInventoryResults operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1135,7 +1135,7 @@ This is a required node. Used for managing apps from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -1151,7 +1151,7 @@ This is a required node. Used for managing apps from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1176,7 +1176,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -1213,7 +1213,7 @@ Here's an example for uninstalling an app: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1236,7 +1236,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -1253,7 +1253,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1278,7 +1278,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1294,7 +1294,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1318,7 +1318,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1334,7 +1334,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1359,7 +1359,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1375,7 +1375,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1398,7 +1398,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1414,7 +1414,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1439,7 +1439,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1455,7 +1455,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1478,7 +1478,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1494,7 +1494,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1518,7 +1518,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1534,7 +1534,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1557,7 +1557,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1573,7 +1573,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1598,7 +1598,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1614,7 +1614,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1637,7 +1637,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1653,7 +1653,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1680,7 +1680,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1696,7 +1696,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1721,7 +1721,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1737,7 +1737,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1766,7 +1766,7 @@ This is a required node. Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1782,7 +1782,7 @@ This is a required node. Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1805,7 +1805,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1821,7 +1821,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1845,7 +1845,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -1870,7 +1870,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1901,7 +1901,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -1926,7 +1926,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1950,7 +1950,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | @@ -2038,7 +2038,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2063,7 +2063,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -2079,7 +2079,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2102,7 +2102,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -2119,7 +2119,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2142,7 +2142,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2158,7 +2158,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2181,7 +2181,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2197,7 +2197,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2220,7 +2220,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2236,7 +2236,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2259,7 +2259,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2275,7 +2275,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2298,7 +2298,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2314,7 +2314,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2338,7 +2338,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2354,7 +2354,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2377,7 +2377,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -2393,7 +2393,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2418,7 +2418,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -2455,7 +2455,7 @@ Here's an example for uninstalling an app: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2478,7 +2478,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -2495,7 +2495,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2520,7 +2520,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2536,7 +2536,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2560,7 +2560,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2576,7 +2576,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2601,7 +2601,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2617,7 +2617,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2640,7 +2640,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2656,7 +2656,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2681,7 +2681,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2697,7 +2697,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2720,7 +2720,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2736,7 +2736,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2760,7 +2760,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2776,7 +2776,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2799,7 +2799,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2815,7 +2815,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2840,7 +2840,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2856,7 +2856,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2879,7 +2879,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2895,7 +2895,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2922,7 +2922,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2938,7 +2938,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2963,7 +2963,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2979,7 +2979,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3008,7 +3008,7 @@ This is a required node. Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3024,7 +3024,7 @@ This is a required node. Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3047,7 +3047,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3063,7 +3063,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3087,7 +3087,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3112,7 +3112,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3143,7 +3143,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3168,7 +3168,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3192,7 +3192,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | @@ -3280,7 +3280,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3303,7 +3303,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -3319,7 +3319,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3342,7 +3342,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -3359,7 +3359,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3382,7 +3382,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3398,7 +3398,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3421,7 +3421,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3437,7 +3437,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3460,7 +3460,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3476,7 +3476,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3499,7 +3499,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3515,7 +3515,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3538,7 +3538,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3554,7 +3554,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3577,7 +3577,7 @@ Used to restore the Windows app to its initial configuration. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec, Get | @@ -3593,7 +3593,7 @@ Used to restore the Windows app to its initial configuration. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3616,7 +3616,7 @@ Reports apps installed as part of the operating system. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -3632,7 +3632,7 @@ Reports apps installed as part of the operating system. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3657,7 +3657,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -3674,7 +3674,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3697,7 +3697,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -3714,7 +3714,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3739,7 +3739,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3755,7 +3755,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3779,7 +3779,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3795,7 +3795,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3820,7 +3820,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3836,7 +3836,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3859,7 +3859,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3875,7 +3875,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3900,7 +3900,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3916,7 +3916,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3939,7 +3939,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3955,7 +3955,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3979,7 +3979,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -3995,7 +3995,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4018,7 +4018,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4034,7 +4034,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4059,7 +4059,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -4075,7 +4075,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4098,7 +4098,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4114,7 +4114,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4141,7 +4141,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -4157,7 +4157,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4182,7 +4182,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4198,7 +4198,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4227,7 +4227,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4243,7 +4243,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4266,7 +4266,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4282,7 +4282,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4305,7 +4305,7 @@ AppUpdateSettings nodes to support the auto-update and auto-repair feature for a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -4321,7 +4321,7 @@ AppUpdateSettings nodes to support the auto-update and auto-repair feature for a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4344,7 +4344,7 @@ AutoRepair node to support auto-repair feature for a specific package. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -4360,7 +4360,7 @@ AutoRepair node to support auto-repair feature for a specific package. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4383,7 +4383,7 @@ PackageSource node that points the update location for a specific package. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Allowed Values | Regular Expression: `^(([^;]+(?i)(\.appx|\.eappx|\.appxbundle|\.eappxbundle|\.msix|\.emsix|\.msixbundle|\.emsixbundle)([;]|$)){0,10}|([^;]+(?i)(\.appinstaller)([;]|$)){0,10})$` | @@ -4400,7 +4400,7 @@ PackageSource node that points the update location for a specific package. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4423,7 +4423,7 @@ AutoUpdateSettings nodes to support the auto-updates for a specific package. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -4439,7 +4439,7 @@ AutoUpdateSettings nodes to support the auto-updates for a specific package. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4462,7 +4462,7 @@ Specifies whether AutomaticBackgroundTask is enabled/disabled for a specific pac | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4488,7 +4488,7 @@ Specifies whether AutomaticBackgroundTask is enabled/disabled for a specific pac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4511,7 +4511,7 @@ Specifies whether the auto-update settings is enabled/disabled for a specific pa | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4537,7 +4537,7 @@ Specifies whether the auto-update settings is enabled/disabled for a specific pa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4560,7 +4560,7 @@ Specifies whether the auto-update setting ForceUpdateFromAnyVersion is enabled/d | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4586,7 +4586,7 @@ Specifies whether the auto-update setting ForceUpdateFromAnyVersion is enabled/d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4609,7 +4609,7 @@ Specifies HoursBetweenUpdateChecks for a specific package. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Allowed Values | Range: `[8-10000]` | | Default Value | 8 | @@ -4627,7 +4627,7 @@ Specifies HoursBetweenUpdateChecks for a specific package. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4650,7 +4650,7 @@ Specifies whether OnLaunchUpdateCheck is enabled/disabled for a specific package | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4676,7 +4676,7 @@ Specifies whether OnLaunchUpdateCheck is enabled/disabled for a specific package | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4699,7 +4699,7 @@ PackageSource node that points the update location for a specific package. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Allowed Values | Regular Expression: `^(([^;]+(?i)(\.appinstaller)([;]|$)){1,11})$` | @@ -4716,7 +4716,7 @@ PackageSource node that points the update location for a specific package. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4739,7 +4739,7 @@ Specifies whether the auto-update setting ShowPrompt is enabled/disabled for a s | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4765,7 +4765,7 @@ Specifies whether the auto-update setting ShowPrompt is enabled/disabled for a s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4788,7 +4788,7 @@ Specifies whether the auto-update setting UpdateBlocksActivation is enabled/disa | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -4814,7 +4814,7 @@ Specifies whether the auto-update setting UpdateBlocksActivation is enabled/disa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4838,7 +4838,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -4863,7 +4863,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -4894,7 +4894,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -4919,7 +4919,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -4943,7 +4943,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Get, Replace | @@ -5031,7 +5031,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5054,7 +5054,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -5070,7 +5070,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5093,7 +5093,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -5110,7 +5110,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5133,7 +5133,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5149,7 +5149,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5172,7 +5172,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5188,7 +5188,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5211,7 +5211,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5227,7 +5227,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5250,7 +5250,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5266,7 +5266,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5289,7 +5289,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5305,7 +5305,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5329,7 +5329,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -5345,7 +5345,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5368,7 +5368,7 @@ Used to perform app installation. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5384,7 +5384,7 @@ Used to perform app installation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5409,7 +5409,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: Package family name (PFN) of the app. | @@ -5446,7 +5446,7 @@ Here's an example for uninstalling an app: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5481,7 +5481,7 @@ This is a required node. The following list shows the supported deployment optio | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -5497,7 +5497,7 @@ This is a required node. The following list shows the supported deployment optio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5522,7 +5522,7 @@ Last error relating to the app installation. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -5538,7 +5538,7 @@ Last error relating to the app installation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5563,7 +5563,7 @@ Description of last error relating to the app installation. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5579,7 +5579,7 @@ Description of last error relating to the app installation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5604,7 +5604,7 @@ An integer the indicates the progress of the app installation. For https locatio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -5620,7 +5620,7 @@ An integer the indicates the progress of the app installation. For https locatio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5645,7 +5645,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -5661,7 +5661,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5684,7 +5684,7 @@ Command to perform an install of an app and a license from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Add, Delete, Exec, Get | @@ -5700,7 +5700,7 @@ Command to perform an install of an app and a license from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5723,7 +5723,7 @@ Used to manage licenses for app scenarios. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5739,7 +5739,7 @@ Used to manage licenses for app scenarios. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5762,7 +5762,7 @@ Used to manage licenses for store apps. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5778,7 +5778,7 @@ Used to manage licenses for store apps. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5802,7 +5802,7 @@ This is an optional node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: License ID for a store installed app. The license ID is generally the PFN of the app. | @@ -5819,7 +5819,7 @@ This is an optional node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5843,7 +5843,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec | @@ -5859,7 +5859,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5883,7 +5883,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec | @@ -5899,7 +5899,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5922,7 +5922,7 @@ Category of license that is used to classify various license sources. Valid valu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5938,7 +5938,7 @@ Category of license that is used to classify various license sources. Valid valu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5961,7 +5961,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5977,7 +5977,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6000,7 +6000,7 @@ Identifier for the entity that requested the license, such as the client who acq | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6016,7 +6016,7 @@ Identifier for the entity that requested the license, such as the client who acq | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6039,7 +6039,7 @@ Used for inventory and app management (post-install). | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -6055,7 +6055,7 @@ Used for inventory and app management (post-install). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6105,7 +6105,7 @@ This is a required node. Query parameters: | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get, Replace | @@ -6137,7 +6137,7 @@ The following example sets the inventory query for the package names and checks | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6161,7 +6161,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get | @@ -6191,7 +6191,7 @@ Here's an example of AppInventoryResults operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6214,7 +6214,7 @@ This is a required node. Used for managing apps from the Microsoft Store. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -6230,7 +6230,7 @@ This is a required node. Used for managing apps from the Microsoft Store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6255,7 +6255,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -6292,7 +6292,7 @@ Here's an example for uninstalling an app: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6315,7 +6315,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -6332,7 +6332,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6357,7 +6357,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6373,7 +6373,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6397,7 +6397,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6413,7 +6413,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6438,7 +6438,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6454,7 +6454,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6477,7 +6477,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6493,7 +6493,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6518,7 +6518,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6534,7 +6534,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6557,7 +6557,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6573,7 +6573,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -6597,7 +6597,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6613,7 +6613,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6636,7 +6636,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6652,7 +6652,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6677,7 +6677,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6693,7 +6693,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6716,7 +6716,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6732,7 +6732,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6759,7 +6759,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -6775,7 +6775,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6800,7 +6800,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6816,7 +6816,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6845,7 +6845,7 @@ This is a required node. Possible values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6861,7 +6861,7 @@ This is a required node. Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6884,7 +6884,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -6900,7 +6900,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6925,7 +6925,7 @@ Interior node for all managed app setting values. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -6941,7 +6941,7 @@ Interior node for all managed app setting values. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6965,7 +6965,7 @@ This setting only works for apps that support the feature and it's only supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: SettingValue represents a Key in a Key Value Pair. Values can be found in LocalSettings in the Managed.App.Settings container. | @@ -7015,7 +7015,7 @@ This setting only works for apps that support the feature and it's only supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7039,7 +7039,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -7064,7 +7064,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -7095,7 +7095,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -7120,7 +7120,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7145,7 +7145,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -7161,7 +7161,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7184,7 +7184,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -7201,7 +7201,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7224,7 +7224,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7240,7 +7240,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7263,7 +7263,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7279,7 +7279,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7302,7 +7302,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7318,7 +7318,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7341,7 +7341,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7357,7 +7357,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7380,7 +7380,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7396,7 +7396,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7420,7 +7420,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7436,7 +7436,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7459,7 +7459,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -7475,7 +7475,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7500,7 +7500,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -7533,7 +7533,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7556,7 +7556,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -7573,7 +7573,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7598,7 +7598,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7614,7 +7614,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7638,7 +7638,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7654,7 +7654,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7679,7 +7679,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7695,7 +7695,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7718,7 +7718,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7734,7 +7734,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7759,7 +7759,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7775,7 +7775,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7798,7 +7798,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7814,7 +7814,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -7840,7 +7840,7 @@ Value type is int. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7856,7 +7856,7 @@ Value type is int. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7879,7 +7879,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7895,7 +7895,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7920,7 +7920,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -7936,7 +7936,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7959,7 +7959,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -7975,7 +7975,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8002,7 +8002,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -8018,7 +8018,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8043,7 +8043,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8059,7 +8059,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8088,7 +8088,7 @@ Requried. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8104,7 +8104,7 @@ Requried. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8127,7 +8127,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8143,7 +8143,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8167,7 +8167,7 @@ This node is only supported in the user context. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -8183,7 +8183,7 @@ This node is only supported in the user context. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8207,7 +8207,7 @@ This setting only works for apps that support the feature and it's only supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: SettingValue represents a Key in a Key Value Pair. Values can be found in LocalSettings in the Managed.App.Settings container. | @@ -8255,7 +8255,7 @@ The following example gets all managed app settings for a specific app. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8279,7 +8279,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -8304,7 +8304,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -8335,7 +8335,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -8360,7 +8360,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8383,7 +8383,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -8399,7 +8399,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8422,7 +8422,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -8439,7 +8439,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8462,7 +8462,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8478,7 +8478,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8501,7 +8501,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -8517,7 +8517,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8540,7 +8540,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8556,7 +8556,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8579,7 +8579,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8595,7 +8595,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8618,7 +8618,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8634,7 +8634,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8665,7 +8665,7 @@ Parameters: | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec, Get | @@ -8699,7 +8699,7 @@ The following example removes a package for all users: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -8722,7 +8722,7 @@ Used to restore the Windows app to its initial configuration. | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec, Get | @@ -8738,7 +8738,7 @@ Used to restore the Windows app to its initial configuration. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8761,7 +8761,7 @@ Reports apps installed as part of the operating system. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -8777,7 +8777,7 @@ Reports apps installed as part of the operating system. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8802,7 +8802,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -8837,7 +8837,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8860,7 +8860,7 @@ Full name of the package installed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -8877,7 +8877,7 @@ Full name of the package installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8902,7 +8902,7 @@ Architecture of installed package. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8918,7 +8918,7 @@ Architecture of installed package. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8942,7 +8942,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8958,7 +8958,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8983,7 +8983,7 @@ Install location of the app on the device. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8999,7 +8999,7 @@ Install location of the app on the device. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9022,7 +9022,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9038,7 +9038,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9063,7 +9063,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9079,7 +9079,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9102,7 +9102,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9118,7 +9118,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -9142,7 +9142,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9158,7 +9158,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9181,7 +9181,7 @@ Name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9197,7 +9197,7 @@ Name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9222,7 +9222,7 @@ Provides information about the status of the package. Value type is int. Valid v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9238,7 +9238,7 @@ Provides information about the status of the package. Value type is int. Valid v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9261,7 +9261,7 @@ Publisher name of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9277,7 +9277,7 @@ Publisher name of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9304,7 +9304,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -9320,7 +9320,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9345,7 +9345,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9361,7 +9361,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9390,7 +9390,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9406,7 +9406,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9429,7 +9429,7 @@ Version of the app. Value type is string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9445,7 +9445,7 @@ Version of the app. Value type is string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9469,7 +9469,7 @@ This node is only supported in the user context. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | @@ -9485,7 +9485,7 @@ This node is only supported in the user context. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9509,7 +9509,7 @@ This setting only works for apps that support the feature and it's only supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: SettingValue represents a Key in a Key Value Pair. Values can be found in LocalSettings in the Managed.App.Settings container. | @@ -9559,7 +9559,7 @@ This setting only works for apps that support the feature and it's only supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9583,7 +9583,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -9608,7 +9608,7 @@ This is a required node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -9639,7 +9639,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -9664,7 +9664,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9687,7 +9687,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | @@ -9703,7 +9703,7 @@ Interior node for the managing updates through the Microsoft Store. These settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9726,7 +9726,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get, Replace | | Dynamic Node Naming | UniqueName: If there is only one app, the name is the PackageFamilyName. If it is for a set of apps, the name is the PackageFamilyName of the main app. | @@ -9743,7 +9743,7 @@ Identifier for the app or set of apps. If there is only one app, it is the Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9766,7 +9766,7 @@ Specifies the app channel ID. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9782,7 +9782,7 @@ Specifies the app channel ID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9805,7 +9805,7 @@ Interior node used to specify the effective app release to use when multiple use | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -9821,7 +9821,7 @@ Interior node used to specify the effective app release to use when multiple use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9844,7 +9844,7 @@ Returns the last user channel ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9860,7 +9860,7 @@ Returns the last user channel ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9883,7 +9883,7 @@ Returns the last user release ID on the device. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -9899,7 +9899,7 @@ Returns the last user release ID on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9922,7 +9922,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9938,7 +9938,7 @@ The IT admin can specify a release ID to indicate a specific release that they w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -9962,7 +9962,7 @@ This is a required node. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index bbd1a859ce..40e27332fe 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -4,7 +4,7 @@ description: Learn more about the eUICCs CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -57,7 +57,7 @@ The following list shows the eUICCs configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -80,7 +80,7 @@ Represents information associated with an eUICC. There is one subtree for each k | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | UniqueName: The eUICC ID (EID) associated with the device. | @@ -97,7 +97,7 @@ Represents information associated with an eUICC. There is one subtree for each k | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -120,7 +120,7 @@ Actions that can be performed on the eUICC as a whole (when it is active). | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -136,7 +136,7 @@ Actions that can be performed on the eUICC as a whole (when it is active). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -159,7 +159,7 @@ An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -175,7 +175,7 @@ An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -198,7 +198,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -215,7 +215,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -238,7 +238,7 @@ Represents default SM-DP+ discovery requests. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -254,7 +254,7 @@ Represents default SM-DP+ discovery requests. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -277,7 +277,7 @@ Node representing the discovery operation for a server name. The node name is th | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: ServerName used for the discovery operation. | @@ -294,7 +294,7 @@ Node representing the discovery operation for a server name. The node name is th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -317,7 +317,7 @@ Indicates whether the discovered profile must be enabled automatically after ins | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | @@ -342,7 +342,7 @@ Indicates whether the discovered profile must be enabled automatically after ins | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -365,7 +365,7 @@ Current state of the discovery operation for the parent ServerName (Requested = | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 1 | @@ -382,7 +382,7 @@ Current state of the discovery operation for the parent ServerName (Requested = | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -405,7 +405,7 @@ Indicates whether the server is a discovery server. Optional, default value is f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | false | @@ -431,7 +431,7 @@ Indicates whether the server is a discovery server. Optional, default value is f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -455,7 +455,7 @@ Identifies an eUICC in an implementation-specific manner, for example, this iden | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -471,7 +471,7 @@ Identifies an eUICC in an implementation-specific manner, for example, this iden | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -494,7 +494,7 @@ Indicates whether this eUICC is physically present and active. Updated only by t | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -510,7 +510,7 @@ Indicates whether this eUICC is physically present and active. Updated only by t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -533,7 +533,7 @@ Device policies associated with the eUICC as a whole (not per-profile). | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -549,7 +549,7 @@ Device policies associated with the eUICC as a whole (not per-profile). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -572,7 +572,7 @@ Determines whether the local user interface of the LUI is available (true if ava | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -598,7 +598,7 @@ Determines whether the local user interface of the LUI is available (true if ava | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -621,7 +621,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -637,7 +637,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -660,7 +660,7 @@ Indicates whether the eUICC has already a profile with PPR1. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -676,7 +676,7 @@ Indicates whether the eUICC has already a profile with PPR1. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -699,7 +699,7 @@ Represents all enterprise-owned profiles. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -715,7 +715,7 @@ Represents all enterprise-owned profiles. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -738,7 +738,7 @@ Node representing an enterprise-owned eUICC profile. The node name is the ICCID | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: ICCID of the profile. | @@ -755,7 +755,7 @@ Node representing an enterprise-owned eUICC profile. The node name is the ICCID | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -778,7 +778,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -795,7 +795,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -818,7 +818,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | @@ -843,7 +843,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -866,7 +866,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | | Allowed Values | Regular Expression: `^([0-9a-fA-F]{5}-){3}[0-9a-fA-F]{5}$` | @@ -883,7 +883,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -906,7 +906,7 @@ This profile policy rule indicates whether disabling of this profile is not allo | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -922,7 +922,7 @@ This profile policy rule indicates whether disabling of this profile is not allo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -945,7 +945,7 @@ This profile policy rule indicates whether deletion of this profile is not allow | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get | @@ -961,7 +961,7 @@ This profile policy rule indicates whether deletion of this profile is not allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -984,7 +984,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -1000,7 +1000,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1023,7 +1023,7 @@ Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 1 | diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 6d3ab4b908..e4a1048323 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -174,7 +174,7 @@ The following list shows the Firewall configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -197,7 +197,7 @@ Interior node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -213,7 +213,7 @@ Interior node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -235,7 +235,7 @@ Interior node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -251,7 +251,7 @@ Interior node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -274,7 +274,7 @@ This value is an on/off switch. If this value is false, connection security rule | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -301,7 +301,7 @@ This value is an on/off switch. If this value is false, connection security rule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -324,7 +324,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -351,7 +351,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -374,7 +374,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -401,7 +401,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -424,7 +424,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -451,7 +451,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -474,7 +474,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -524,7 +524,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -547,7 +547,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -574,7 +574,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -597,7 +597,7 @@ This value is an on/off switch. When this option is false, the server operates i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [EnableFirewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -624,7 +624,7 @@ This value is an on/off switch. When this option is false, the server operates i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -647,7 +647,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -674,7 +674,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -697,7 +697,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -724,7 +724,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -747,7 +747,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | @@ -773,7 +773,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -796,7 +796,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -823,7 +823,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -846,7 +846,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -873,7 +873,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -896,7 +896,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -923,7 +923,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -946,7 +946,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -973,7 +973,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -996,7 +996,7 @@ This value is a string that represents a file path to the log where the firewall | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -1014,7 +1014,7 @@ This value is a string that represents a file path to the log where the firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1037,7 +1037,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 1024 | @@ -1056,7 +1056,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1079,7 +1079,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -1106,7 +1106,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1128,7 +1128,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1144,7 +1144,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1167,7 +1167,7 @@ A list of dynamic keyword addresses for use within firewall rules. Dynamic keywo | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1183,7 +1183,7 @@ A list of dynamic keyword addresses for use within firewall rules. Dynamic keywo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1206,7 +1206,7 @@ A unique GUID string identifier for this dynamic keyword address. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1225,7 +1225,7 @@ A unique GUID string identifier for this dynamic keyword address. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1253,7 +1253,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | | Dependency [AutoResolve False] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/[Id]/AutoResolve`
Dependency Allowed Value: `false`
Dependency Allowed Value Type: `ENUM`
| @@ -1271,7 +1271,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1294,7 +1294,7 @@ If this flag is set to TRUE, then the 'keyword' field of this object is expected | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get | | Default Value | false | @@ -1320,7 +1320,7 @@ If this flag is set to TRUE, then the 'keyword' field of this object is expected | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1343,7 +1343,7 @@ A String representing keyword. If the AutoResolve value is true, this should be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get | @@ -1359,7 +1359,7 @@ A String representing keyword. If the AutoResolve value is true, this should be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1382,7 +1382,7 @@ A list of rules controlling traffic through the Windows Firewall. Each Rule ID i | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1398,7 +1398,7 @@ A list of rules controlling traffic through the Windows Firewall. Each Rule ID i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1421,7 +1421,7 @@ Unique alpha numeric identifier for the rule. The rule name must not include a f | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -1440,7 +1440,7 @@ Unique alpha numeric identifier for the rule. The rule name must not include a f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1463,7 +1463,7 @@ Specifies the action for the rule. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1479,7 +1479,7 @@ Specifies the action for the rule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1504,7 +1504,7 @@ Specifies the action the rule enforces: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | @@ -1530,7 +1530,7 @@ Specifies the action the rule enforces: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1560,7 +1560,7 @@ ServiceName. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1576,7 +1576,7 @@ ServiceName. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1599,7 +1599,7 @@ FilePath - This App/Id value represents the full file path of the app. For examp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1615,7 +1615,7 @@ FilePath - This App/Id value represents the full file path of the app. For examp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1638,7 +1638,7 @@ Fully Qualified Binary Name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1654,7 +1654,7 @@ Fully Qualified Binary Name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1677,7 +1677,7 @@ PackageFamilyName - This App/Id value represents the PackageFamilyName of the ap | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1693,7 +1693,7 @@ PackageFamilyName - This App/Id value represents the PackageFamilyName of the ap | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1716,7 +1716,7 @@ This is a service name, and is used in cases when a service, not an application, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1732,7 +1732,7 @@ This is a service name, and is used in cases when a service, not an application, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1755,7 +1755,7 @@ Specifies the description of the rule. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1771,7 +1771,7 @@ Specifies the description of the rule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1799,7 +1799,7 @@ If not specified the default is OUT. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | OUT | @@ -1825,7 +1825,7 @@ If not specified the default is OUT. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1852,7 +1852,7 @@ New rules have the EdgeTraversal property disabled by default. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -1877,7 +1877,7 @@ New rules have the EdgeTraversal property disabled by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1901,7 +1901,7 @@ If not specified - a new rule is disabled by default. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1926,7 +1926,7 @@ If not specified - a new rule is disabled by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later | @@ -1949,7 +1949,7 @@ Comma separated list of ICMP types and codes applicable to the firewall rule. To | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -1966,7 +1966,7 @@ Comma separated list of ICMP types and codes applicable to the firewall rule. To | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1990,7 +1990,7 @@ If more than one interface type is specified, the strings must be separated by a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | All | @@ -2019,7 +2019,7 @@ If more than one interface type is specified, the strings must be separated by a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2049,7 +2049,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -2066,7 +2066,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2090,7 +2090,7 @@ When setting this field in a firewall rule, the protocol field must also be set, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[0-9,-]+$` | @@ -2107,7 +2107,7 @@ When setting this field in a firewall rule, the protocol field must also be set, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2131,7 +2131,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format\. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | `` | @@ -2148,7 +2148,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format\. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2171,7 +2171,7 @@ Specifies the friendly name of the firewall rule. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2187,7 +2187,7 @@ Specifies the friendly name of the firewall rule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 22H2 [10.0.19045.2913] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1880] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1635] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 22H2 [10.0.19045.2913] and later
✅ Windows 11, version 21H2 [10.0.22000.1880] and later
✅ Windows 11, version 22H2 [10.0.22621.1635] and later | @@ -2210,7 +2210,7 @@ Specifies one WDAC tag. This is a string that can contain any alphanumeric chara | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[A-Za-z0-9_.:/]+$` | @@ -2227,7 +2227,7 @@ Specifies one WDAC tag. This is a string that can contain any alphanumeric chara | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2250,7 +2250,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -2278,7 +2278,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2301,7 +2301,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-255]` | @@ -2318,7 +2318,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1706] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1706] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1706] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later
✅ Windows 10, version 21H1 [10.0.19043.1706] and later
✅ Windows 10, version 21H2 [10.0.19044.1706] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2341,7 +2341,7 @@ Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -2358,7 +2358,7 @@ Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2395,7 +2395,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -2412,7 +2412,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2436,7 +2436,7 @@ When setting this field in a firewall rule, the protocol field must also be set, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[0-9,-]+$` | @@ -2453,7 +2453,7 @@ When setting this field in a firewall rule, the protocol field must also be set, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2476,7 +2476,7 @@ Provides information about the specific version of the rule in deployment for mo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2492,7 +2492,7 @@ Provides information about the specific version of the rule in deployment for mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2514,7 +2514,7 @@ Provides information about the specific version of the rule in deployment for mo | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2530,7 +2530,7 @@ Provides information about the specific version of the rule in deployment for mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2553,7 +2553,7 @@ This value contains the binary version of the structures and data types that are | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2569,7 +2569,7 @@ This value contains the binary version of the structures and data types that are | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2592,7 +2592,7 @@ This value specifies how certificate revocation list (CRL) verification is enfor | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -2618,7 +2618,7 @@ This value specifies how certificate revocation list (CRL) verification is enfor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2641,7 +2641,7 @@ Value that contains a bitmask of the current enforced profiles that are maintain | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2657,7 +2657,7 @@ Value that contains a bitmask of the current enforced profiles that are maintain | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2680,7 +2680,7 @@ This value is an on/off switch. If off, the firewall performs stateful File Tran | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -2706,7 +2706,7 @@ This value is an on/off switch. If off, the firewall performs stateful File Tran | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2729,7 +2729,7 @@ This value specifies how scaling for the software on the receive side is enabled | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0x0 | @@ -2756,7 +2756,7 @@ This value specifies how scaling for the software on the receive side is enabled | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2779,7 +2779,7 @@ This value configures IPsec exceptions and MUST be a combination of the valid fl | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0x0 | @@ -2808,7 +2808,7 @@ This value configures IPsec exceptions and MUST be a combination of the valid fl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2831,7 +2831,7 @@ This value is used as an on/off switch. When this option is false, keying module | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -2856,7 +2856,7 @@ This value is used as an on/off switch. When this option is false, keying module | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2879,7 +2879,7 @@ This value contains the policy version of the policy store being managed. This v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2895,7 +2895,7 @@ This value contains the policy version of the policy store being managed. This v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2918,7 +2918,7 @@ Value that contains the maximum policy version that the server host can accept. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -2934,7 +2934,7 @@ Value that contains the maximum policy version that the server host can accept. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2957,7 +2957,7 @@ Specifies the preshared key encoding that is used. MUST be a valid value from th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | @@ -2983,7 +2983,7 @@ Specifies the preshared key encoding that is used. MUST be a valid value from th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3006,7 +3006,7 @@ This value configures the security association idle time, in seconds. Security a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[300-3600]` | | Default Value | 300 | @@ -3024,7 +3024,7 @@ This value configures the security association idle time, in seconds. Security a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3047,7 +3047,7 @@ A list of rules controlling traffic through the Windows Firewall for Hyper-V con | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3063,7 +3063,7 @@ A list of rules controlling traffic through the Windows Firewall for Hyper-V con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3086,7 +3086,7 @@ Unique alpha numeric identifier for the rule. The rule name must not include a f | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -3105,7 +3105,7 @@ Unique alpha numeric identifier for the rule. The rule name must not include a f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3130,7 +3130,7 @@ Specifies the action the rule enforces: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | @@ -3156,7 +3156,7 @@ Specifies the action the rule enforces: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3184,7 +3184,7 @@ If not specified the default is OUT. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | OUT | @@ -3210,7 +3210,7 @@ If not specified the default is OUT. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3234,7 +3234,7 @@ If not specified - a new rule is disabled by default. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -3259,7 +3259,7 @@ If not specified - a new rule is disabled by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3289,7 +3289,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -3306,7 +3306,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3329,7 +3329,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[0-9,-]+$` | @@ -3346,7 +3346,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3369,7 +3369,7 @@ Specifies the friendly name of the Hyper-V Firewall rule. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3385,7 +3385,7 @@ Specifies the friendly name of the Hyper-V Firewall rule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3408,7 +3408,7 @@ This value represents the order of rule enforcement. A lower priority rule is ev | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-65535]` | @@ -3425,7 +3425,7 @@ This value represents the order of rule enforcement. A lower priority rule is ev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3448,7 +3448,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -3475,7 +3475,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3498,7 +3498,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-65535]` | @@ -3515,7 +3515,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3543,7 +3543,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -3560,7 +3560,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3583,7 +3583,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[0-9,-]+$` | @@ -3600,7 +3600,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3623,7 +3623,7 @@ Provides information about the specific version of the rule in deployment for mo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3639,7 +3639,7 @@ Provides information about the specific version of the rule in deployment for mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3662,7 +3662,7 @@ This field specifies the VM Creator ID that this rule is applicable to. A NULL G | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -3679,7 +3679,7 @@ This field specifies the VM Creator ID that this rule is applicable to. A NULL G | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3702,7 +3702,7 @@ Settings for the Windows Firewall for Hyper-V containers. Each setting applies o | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3718,7 +3718,7 @@ Settings for the Windows Firewall for Hyper-V containers. Each setting applies o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3741,7 +3741,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -3760,7 +3760,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3783,7 +3783,7 @@ This value is used as an on/off switch. If this value is true, applicable host f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -3809,7 +3809,7 @@ This value is used as an on/off switch. If this value is true, applicable host f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3832,7 +3832,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -3859,7 +3859,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3882,7 +3882,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -3909,7 +3909,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3931,7 +3931,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3947,7 +3947,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3970,7 +3970,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -3997,7 +3997,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4020,7 +4020,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4047,7 +4047,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4070,7 +4070,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4097,7 +4097,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4120,7 +4120,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | @@ -4146,7 +4146,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4169,7 +4169,7 @@ This value is an on/off switch for the Hyper-V Firewall. This value controls the | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | @@ -4195,7 +4195,7 @@ This value is an on/off switch for the Hyper-V Firewall. This value controls the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4218,7 +4218,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | false | @@ -4244,7 +4244,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4266,7 +4266,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4282,7 +4282,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4305,7 +4305,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4332,7 +4332,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4355,7 +4355,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4382,7 +4382,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4405,7 +4405,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4432,7 +4432,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4455,7 +4455,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | @@ -4481,7 +4481,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4503,7 +4503,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4519,7 +4519,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4542,7 +4542,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4569,7 +4569,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4592,7 +4592,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4619,7 +4619,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4642,7 +4642,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4669,7 +4669,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4692,7 +4692,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Replace | | Default Value | true | @@ -4718,7 +4718,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4740,7 +4740,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4756,7 +4756,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4779,7 +4779,7 @@ This value is an on/off switch. If this value is false, connection security rule | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4806,7 +4806,7 @@ This value is an on/off switch. If this value is false, connection security rule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4829,7 +4829,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4856,7 +4856,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4879,7 +4879,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4906,7 +4906,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4929,7 +4929,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -4956,7 +4956,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4979,7 +4979,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5029,7 +5029,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5052,7 +5052,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5079,7 +5079,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5102,7 +5102,7 @@ This value is an on/off switch. When this option is false, the server operates i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5129,7 +5129,7 @@ This value is an on/off switch. When this option is false, the server operates i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5152,7 +5152,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5179,7 +5179,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5202,7 +5202,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5229,7 +5229,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5252,7 +5252,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Get, Replace | | Default Value | true | @@ -5278,7 +5278,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -5301,7 +5301,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5328,7 +5328,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -5351,7 +5351,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5378,7 +5378,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -5401,7 +5401,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5428,7 +5428,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5451,7 +5451,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5478,7 +5478,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -5501,7 +5501,7 @@ This value is a string that represents a file path to the log where the firewall | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5519,7 +5519,7 @@ This value is a string that represents a file path to the log where the firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -5542,7 +5542,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 1024 | @@ -5561,7 +5561,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5584,7 +5584,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5611,7 +5611,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5633,7 +5633,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5649,7 +5649,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5672,7 +5672,7 @@ This value is an on/off switch. If this value is false, connection security rule | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5699,7 +5699,7 @@ This value is an on/off switch. If this value is false, connection security rule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5722,7 +5722,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5749,7 +5749,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5772,7 +5772,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5799,7 +5799,7 @@ This value is used as an on/off switch. If this value is false, authorized appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5822,7 +5822,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5849,7 +5849,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5872,7 +5872,7 @@ This value is the action that the firewall does by default (and evaluates at the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5922,7 +5922,7 @@ This value is the action that the firewall does by default (and evaluates at the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5945,7 +5945,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -5972,7 +5972,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5995,7 +5995,7 @@ This value is an on/off switch. When this option is false, the server operates i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6022,7 +6022,7 @@ This value is an on/off switch. When this option is false, the server operates i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6045,7 +6045,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6072,7 +6072,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6095,7 +6095,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6122,7 +6122,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6145,7 +6145,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -6171,7 +6171,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -6194,7 +6194,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6221,7 +6221,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -6244,7 +6244,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6271,7 +6271,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -6294,7 +6294,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6321,7 +6321,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6344,7 +6344,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6371,7 +6371,7 @@ This value is used as an on/off switch. If this value is false, global port fire | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -6394,7 +6394,7 @@ This value is a string that represents a file path to the log where the firewall | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| @@ -6412,7 +6412,7 @@ This value is a string that represents a file path to the log where the firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -6435,7 +6435,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 1024 | @@ -6454,7 +6454,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6477,7 +6477,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | | Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index a7eb92f01a..5448dcc273 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -4,7 +4,7 @@ description: Learn more about the HealthAttestation CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -55,7 +55,7 @@ The following list shows the HealthAttestation configuration service provider no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -79,7 +79,7 @@ The status is always cleared prior to making the attest service call. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -122,7 +122,7 @@ The status is always cleared prior to making the attest service call. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -146,7 +146,7 @@ Value type is a base64 string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -162,7 +162,7 @@ Value type is a base64 string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -185,7 +185,7 @@ Identifies a unique device health attestation session. CorrelationId is used to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -201,7 +201,7 @@ Identifies a unique device health attestation session. CorrelationId is used to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -224,7 +224,7 @@ Provides the current protocol version that the client is using to communicate wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -240,7 +240,7 @@ Provides the current protocol version that the client is using to communicate wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -263,7 +263,7 @@ Instructs the client to initiate a new request to DHA-Service, and get a new DHA | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -289,7 +289,7 @@ Instructs the client to initiate a new request to DHA-Service, and get a new DHA | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -313,7 +313,7 @@ The report is stored in a registry key in the respective MDM enrollment store. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -357,7 +357,7 @@ The report is stored in a registry key in the respective MDM enrollment store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -381,7 +381,7 @@ If there's more than one correlation ID, they're separated by ";" in the string. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -426,7 +426,7 @@ If there's more than one correlation ID, they're separated by ";" in the string. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -449,7 +449,7 @@ Identifies the fully qualified domain name (FQDN) of the DHA-Service that is ass | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | has.spserv.microsoft.com. | @@ -466,7 +466,7 @@ Identifies the fully qualified domain name (FQDN) of the DHA-Service that is ass | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -489,7 +489,7 @@ Returns the maximum protocol version that this client can support. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -505,7 +505,7 @@ Returns the maximum protocol version that this client can support. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -528,7 +528,7 @@ Enables MDMs to protect the device health attestation communications from man-in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Default Value | \0 | @@ -545,7 +545,7 @@ Enables MDMs to protect the device health attestation communications from man-in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -568,7 +568,7 @@ Provides the maximum preferred protocol version that the client is configured to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 3 | @@ -585,7 +585,7 @@ Provides the maximum preferred protocol version that the client is configured to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -608,7 +608,7 @@ Provides the current status of the device health request. For the complete list | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -624,7 +624,7 @@ Provides the current status of the device health request. For the complete list | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -647,7 +647,7 @@ Returns a bitmask of information describing the state of TPM. It indicates wheth | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -663,7 +663,7 @@ Returns a bitmask of information describing the state of TPM. It indicates wheth | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -687,7 +687,7 @@ If the attestation process is launched successfully, this node will return code | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -750,7 +750,7 @@ If the attestation process is launched successfully, this node will return code | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -773,7 +773,7 @@ Notifies the device to prepare a device health verification request. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 41e10a9f37..a7e7eb1dd9 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -54,7 +54,7 @@ The following list shows the LAPS configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -77,7 +77,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -93,7 +93,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -117,7 +117,7 @@ This action invokes an immediate reset of the local administrator account passwo | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -133,7 +133,7 @@ This action invokes an immediate reset of the local administrator account passwo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -161,7 +161,7 @@ The value returned is an HRESULT code: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -178,7 +178,7 @@ The value returned is an HRESULT code: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -201,7 +201,7 @@ Root node for LAPS policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Atomic Required | True | @@ -218,7 +218,7 @@ Root node for LAPS policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -249,7 +249,7 @@ This setting has a maximum allowed value of 12 passwords. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-12]` | | Default Value | 0 | @@ -268,7 +268,7 @@ This setting has a maximum allowed value of 12 passwords. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -297,7 +297,7 @@ Note if a custom managed local administrator account name is specified in this s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -313,7 +313,7 @@ Note if a custom managed local administrator account name is specified in this s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -348,7 +348,7 @@ If not specified, this setting defaults to True. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | True | | Dependency [BackupDirectory] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/BackupDirectory`
Dependency Allowed Value: `2`
Dependency Allowed Value Type: `ENUM`
| @@ -375,7 +375,7 @@ If not specified, this setting defaults to True. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -414,7 +414,7 @@ If the specified user or group account is invalid the device will fallback to us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [BackupDirectory] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/BackupDirectory`
Dependency Allowed Value: `2`
Dependency Allowed Value Type: `ENUM`
| @@ -431,7 +431,7 @@ If the specified user or group account is invalid the device will fallback to us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -462,7 +462,7 @@ If not specified, this setting will default to 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -489,7 +489,7 @@ If not specified, this setting will default to 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -518,7 +518,7 @@ This setting has a maximum allowed value of 365 days. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-365]` | | Default Value | 30 | @@ -537,7 +537,7 @@ This setting has a maximum allowed value of 365 days. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -571,7 +571,7 @@ If not specified, this setting will default to 4. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 4 | @@ -599,7 +599,7 @@ If not specified, this setting will default to 4. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -628,7 +628,7 @@ If not specified, this setting defaults to True. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | True | | Dependency [BackupDirectory] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/BackupDirectory`
Dependency Allowed Value: `2`
Dependency Allowed Value Type: `ENUM`
| @@ -655,7 +655,7 @@ If not specified, this setting defaults to True. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -684,7 +684,7 @@ This setting has a maximum allowed value of 64 characters. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[8-64]` | | Default Value | 14 | @@ -702,7 +702,7 @@ This setting has a maximum allowed value of 64 characters. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -732,7 +732,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -759,7 +759,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later
:heavy_check_mark: [10.0.25145] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | @@ -788,7 +788,7 @@ This setting has a maximum allowed value of 24 hours. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-24]` | | Default Value | 24 | diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 44b8f2d7ae..120a1757e9 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkProxy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following list shows the NetworkProxy configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -70,7 +70,7 @@ Automatically detect settings. If enabled, the system tries to find the path to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Delete, Get, Replace | | Default Value | 1 | @@ -96,7 +96,7 @@ Automatically detect settings. If enabled, the system tries to find the path to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -119,7 +119,7 @@ Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -135,7 +135,7 @@ Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -158,7 +158,7 @@ Addresses that should not use the proxy server. The system will not use the prox | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -175,7 +175,7 @@ Addresses that should not use the proxy server. The system will not use the prox | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -198,7 +198,7 @@ Address to the proxy server. Specify an address in the format ``[":"` @@ -214,7 +214,7 @@ Address to the proxy server. Specify an address in the format ``[":"` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -237,7 +237,7 @@ Specifies whether the proxy server should be used for local (intranet) addresses | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Delete, Get, Replace | | Default Value | 0 | @@ -263,7 +263,7 @@ Specifies whether the proxy server should be used for local (intranet) addresses | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -288,7 +288,7 @@ When set to 0, it enables proxy configuration as global, machine wide. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Delete, Get, Replace | | Default Value | 1 | @@ -314,7 +314,7 @@ When set to 0, it enables proxy configuration as global, machine wide. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -337,7 +337,7 @@ Address to the PAC script you want to use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Delete, Get, Replace | diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 6d224dd68d..03fc13cf06 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkQoSPolicy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -60,7 +60,7 @@ The following list shows the NetworkQoSPolicy configuration service provider nod | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -83,7 +83,7 @@ The value of this node should be a policy name. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | UniqueName: The value of this node should be a policy name. | @@ -100,7 +100,7 @@ The value of this node should be a policy name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -123,7 +123,7 @@ Specifies the name of an application to be used to match the network traffic, su | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -139,7 +139,7 @@ Specifies the name of an application to be used to match the network traffic, su | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -162,7 +162,7 @@ Specifies a single port or a range of ports to be used to match the network traf | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -178,7 +178,7 @@ Specifies a single port or a range of ports to be used to match the network traf | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -201,7 +201,7 @@ The differentiated services code point (DSCP) value to apply to matching network | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-63]` | @@ -218,7 +218,7 @@ The differentiated services code point (DSCP) value to apply to matching network | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -241,7 +241,7 @@ Specifies the IP protocol used to match the network traffic. Valid values are 0: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -258,7 +258,7 @@ Specifies the IP protocol used to match the network traffic. Valid values are 0: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -281,7 +281,7 @@ The IEEE 802.1p value to apply to matching network traffice. Valid values are 0- | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-7]` | @@ -298,7 +298,7 @@ The IEEE 802.1p value to apply to matching network traffice. Valid values are 0- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -321,7 +321,7 @@ Specifies a single port or a range of ports to be used to match the network traf | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -337,7 +337,7 @@ Specifies a single port or a range of ports to be used to match the network traf | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -360,7 +360,7 @@ Version information. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index e3a206ff86..4d33ae9f76 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -4,7 +4,7 @@ description: Learn more about the NodeCache CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -62,7 +62,7 @@ The following list shows the NodeCache configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -85,7 +85,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. | @@ -102,7 +102,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -125,7 +125,7 @@ Character string representing the cache version set by the server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -141,7 +141,7 @@ Character string representing the cache version set by the server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -164,7 +164,7 @@ List of nodes whose values do not match their expected values as specified in /N | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -180,7 +180,7 @@ List of nodes whose values do not match their expected values as specified in /N | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -203,7 +203,7 @@ XML containing nodes whose values do not match their expected values as specifie | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get | @@ -219,7 +219,7 @@ XML containing nodes whose values do not match their expected values as specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -242,7 +242,7 @@ Root node for cached nodes. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -258,7 +258,7 @@ Root node for cached nodes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -281,7 +281,7 @@ Information about each cached node is stored under NodeID as specified by the se | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -298,7 +298,7 @@ Information about each cached node is stored under NodeID as specified by the se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -321,7 +321,7 @@ This will automatically set the value on the device to match the node's actual v | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get | @@ -337,7 +337,7 @@ This will automatically set the value on the device to match the node's actual v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -361,7 +361,7 @@ Supported values are string and x-nodemon-nonexistent. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get | @@ -395,7 +395,7 @@ Here's an example for setting the ExpectedValue to nonexistent. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -418,7 +418,7 @@ This node's value is a complete OMA DM node URI. It can specify either an interi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get | @@ -434,7 +434,7 @@ This node's value is a complete OMA DM node URI. It can specify either an interi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -457,7 +457,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. | @@ -474,7 +474,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -497,7 +497,7 @@ Character string representing the cache version set by the server. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Get, Replace | @@ -513,7 +513,7 @@ Character string representing the cache version set by the server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -536,7 +536,7 @@ List of nodes whose values do not match their expected values as specified in /N | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -552,7 +552,7 @@ List of nodes whose values do not match their expected values as specified in /N | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -575,7 +575,7 @@ XML containing nodes whose values do not match their expected values as specifie | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Get | @@ -591,7 +591,7 @@ XML containing nodes whose values do not match their expected values as specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -614,7 +614,7 @@ Root node for cached nodes. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -630,7 +630,7 @@ Root node for cached nodes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -653,7 +653,7 @@ Information about each cached node is stored under NodeID as specified by the se | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -670,7 +670,7 @@ Information about each cached node is stored under NodeID as specified by the se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -693,7 +693,7 @@ This will automatically set the value on the device to match the node's actual v | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get | @@ -709,7 +709,7 @@ This will automatically set the value on the device to match the node's actual v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -733,7 +733,7 @@ Supported values are string and x-nodemon-nonexistent. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get | @@ -767,7 +767,7 @@ Here's an example for setting the ExpectedValue to nonexistent. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -790,7 +790,7 @@ This node's value is a complete OMA DM node URI. It can specify either an interi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get | diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 525461336f..887ab52ddd 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Office CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following list shows the Office configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -69,7 +69,7 @@ Installation options for the office CSP. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -85,7 +85,7 @@ Installation options for the office CSP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -108,7 +108,7 @@ A unique identifier which represents the installation instance id. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A unique identifier which represents the installation instance id. | @@ -125,7 +125,7 @@ A unique identifier which represents the installation instance id. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -152,7 +152,7 @@ Final Office 365 installation status. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -168,7 +168,7 @@ Final Office 365 installation status. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -191,7 +191,7 @@ The install action will install office given the configuration in the data. The | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -207,7 +207,7 @@ The install action will install office given the configuration in the data. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -230,7 +230,7 @@ The installation status of the CSP. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -246,7 +246,7 @@ The installation status of the CSP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -269,7 +269,7 @@ The current Office 365 installation status on the machine. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -285,7 +285,7 @@ The current Office 365 installation status on the machine. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -308,7 +308,7 @@ Installation options for the office CSP. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -324,7 +324,7 @@ Installation options for the office CSP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -347,7 +347,7 @@ A unique identifier which represents the installation instance id. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A unique identifier which represents the installation instance id. | @@ -364,7 +364,7 @@ A unique identifier which represents the installation instance id. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -387,7 +387,7 @@ Final Office 365 installation status. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -403,7 +403,7 @@ Final Office 365 installation status. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -426,7 +426,7 @@ The install action will install office given the configuration in the data. The | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -442,7 +442,7 @@ The install action will install office given the configuration in the data. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -465,7 +465,7 @@ The installation status of the CSP. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -481,7 +481,7 @@ The installation status of the CSP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -504,7 +504,7 @@ The current Office 365 installation status on the machine. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index e55a44f67b..b9eec47e30 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -89,7 +89,7 @@ The following list shows the PassportForWork configuration service provider node | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -113,7 +113,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet Get-AzureAccount. For more information see https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell. | @@ -130,7 +130,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -153,7 +153,7 @@ Root node for policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -169,7 +169,7 @@ Root node for policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -192,7 +192,7 @@ Do not start Windows Hello provisioning after sign-in. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -218,7 +218,7 @@ Do not start Windows Hello provisioning after sign-in. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -245,7 +245,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -271,7 +271,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -296,7 +296,7 @@ Root node for excluded security devices. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -312,7 +312,7 @@ Root node for excluded security devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -339,7 +339,7 @@ Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revis | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -365,7 +365,7 @@ Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -388,7 +388,7 @@ Root node for PIN policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -404,7 +404,7 @@ Root node for PIN policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -433,7 +433,7 @@ If you do not configure this policy setting, Windows Hello for Business requires | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -460,7 +460,7 @@ If you do not configure this policy setting, Windows Hello for Business requires | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -483,7 +483,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-730]` | | Default Value | 0 | @@ -501,7 +501,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -524,7 +524,7 @@ This policy specifies the number of past PINs that can be stored in the history | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-50]` | | Default Value | 0 | @@ -542,7 +542,7 @@ This policy specifies the number of past PINs that can be stored in the history | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -571,7 +571,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -598,7 +598,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -628,7 +628,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[4-127]` | | Default Value | 127 | @@ -646,7 +646,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -676,7 +676,7 @@ Minimum PIN length configures the minimum number of characters required for the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[4-127]` | | Default Value | 4 | @@ -694,7 +694,7 @@ Minimum PIN length configures the minimum number of characters required for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -723,7 +723,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -750,7 +750,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -779,7 +779,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -806,7 +806,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -829,7 +829,7 @@ Root node for phone sign-in policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -845,7 +845,7 @@ Root node for phone sign-in policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -875,7 +875,7 @@ Default value is false. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -901,7 +901,7 @@ Default value is false. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -928,7 +928,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -954,7 +954,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -981,7 +981,7 @@ Windows Hello for Business can use certificates to authenticate to on-premise re | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1007,7 +1007,7 @@ Windows Hello for Business can use certificates to authenticate to on-premise re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1566] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 21H2 [10.0.19044.1566] and later
✅ Windows 11, version 21H2 [10.0.22000.527] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1034,7 +1034,7 @@ Boolean value that enables Windows Hello for Business to use Azure AD Kerberos t | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1060,7 +1060,7 @@ Boolean value that enables Windows Hello for Business to use Azure AD Kerberos t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1088,7 +1088,7 @@ Windows requires a user to lock and unlock their session after changing this set | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1114,7 +1114,7 @@ Windows requires a user to lock and unlock their session after changing this set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1141,7 +1141,7 @@ Windows Hello for Business is an alternative method for signing into Windows usi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | True | @@ -1167,7 +1167,7 @@ Windows Hello for Business is an alternative method for signing into Windows usi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1190,7 +1190,7 @@ Root node for biometrics policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1206,7 +1206,7 @@ Root node for biometrics policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1229,7 +1229,7 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1264,7 +1264,7 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1295,7 +1295,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1321,7 +1321,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1353,7 +1353,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1379,7 +1379,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1402,7 +1402,7 @@ Device Unlock. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1418,7 +1418,7 @@ Device Unlock. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1441,7 +1441,7 @@ Contains a list of providers by GUID that are to be considered for the first ste | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -1458,7 +1458,7 @@ Contains a list of providers by GUID that are to be considered for the first ste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1481,7 +1481,7 @@ Contains a list of providers by GUID that are to be considered for the second st | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | @@ -1498,7 +1498,7 @@ Contains a list of providers by GUID that are to be considered for the second st | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1521,7 +1521,7 @@ List of plugins that the passive provider monitors to detect user presence. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1537,7 +1537,7 @@ List of plugins that the passive provider monitors to detect user presence. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1560,7 +1560,7 @@ Dynamic Lock. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1576,7 +1576,7 @@ Dynamic Lock. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1599,7 +1599,7 @@ Enables/Disables Dynamic Lock. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1625,7 +1625,7 @@ Enables/Disables Dynamic Lock. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1648,7 +1648,7 @@ List of plugins that the passive provider monitors to detect user absence. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1664,7 +1664,7 @@ List of plugins that the passive provider monitors to detect user absence. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1687,7 +1687,7 @@ Security Key. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1703,7 +1703,7 @@ Security Key. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1727,7 +1727,7 @@ Enables users to sign in to their device with a [FIDO2 security key](/azure/acti | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1756,7 +1756,7 @@ Enables users to sign in to their device with a [FIDO2 security key](/azure/acti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1788,7 +1788,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1814,7 +1814,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1838,7 +1838,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet Get-AzureAccount. For more information see https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell. | @@ -1855,7 +1855,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1878,7 +1878,7 @@ Root node for policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -1894,7 +1894,7 @@ Root node for policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1921,7 +1921,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -1947,7 +1947,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1970,7 +1970,7 @@ Root node for PIN policies. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -1986,7 +1986,7 @@ Root node for PIN policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2015,7 +2015,7 @@ If you do not configure this policy setting, Windows Hello for Business requires | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2042,7 +2042,7 @@ If you do not configure this policy setting, Windows Hello for Business requires | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2065,7 +2065,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-730]` | | Default Value | 0 | @@ -2083,7 +2083,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2106,7 +2106,7 @@ This policy specifies the number of past PINs that can be stored in the history | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-50]` | | Default Value | 0 | @@ -2124,7 +2124,7 @@ This policy specifies the number of past PINs that can be stored in the history | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2153,7 +2153,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2180,7 +2180,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2210,7 +2210,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[4-127]` | | Default Value | 127 | @@ -2228,7 +2228,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2258,7 +2258,7 @@ Minimum PIN length configures the minimum number of characters required for the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[4-127]` | | Default Value | 4 | @@ -2276,7 +2276,7 @@ Minimum PIN length configures the minimum number of characters required for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2305,7 +2305,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2332,7 +2332,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2361,7 +2361,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2388,7 +2388,7 @@ If you do not configure this policy setting, Windows Hello for Business does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2415,7 +2415,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | False | @@ -2441,7 +2441,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2468,7 +2468,7 @@ Windows Hello for Business is an alternative method for signing into Windows usi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | True | diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index 9477520647..ad6900a0f4 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PDE CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/14/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -36,7 +36,7 @@ The following list shows the PDE configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -60,7 +60,7 @@ The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.u | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -85,7 +85,7 @@ The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -111,7 +111,7 @@ Reports the current status of Personal Data Encryption (PDE) for the user. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -127,7 +127,7 @@ Reports the current status of Personal Data Encryption (PDE) for the user. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -150,7 +150,7 @@ This node reports the current state of Personal Data Encryption for a user. '0' | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 822238c6fa..2a42cdce89 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Personalization CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -37,7 +37,7 @@ The following list shows the Personalization configuration service provider node | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -60,7 +60,7 @@ This represents the status of the DesktopImage. 1 - Successfully downloaded or c | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -76,7 +76,7 @@ This represents the status of the DesktopImage. 1 - Successfully downloaded or c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -99,7 +99,7 @@ A http or https Url to a jpg, jpeg or png image that needs to be downloaded and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -115,7 +115,7 @@ A http or https Url to a jpg, jpeg or png image that needs to be downloaded and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -138,7 +138,7 @@ This represents the status of the LockScreenImage. 1 - Successfully downloaded o | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -154,7 +154,7 @@ This represents the status of the LockScreenImage. 1 - Successfully downloaded o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -177,7 +177,7 @@ A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 34f29ece12..ec88461097 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -80,7 +80,7 @@ The following list shows the Policy configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -103,7 +103,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -119,7 +119,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -142,7 +142,7 @@ The area group that can be configured by a single technology for a single provid | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -159,7 +159,7 @@ The area group that can be configured by a single technology for a single provid | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -190,7 +190,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -207,7 +207,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -230,7 +230,7 @@ The root node for grouping different configuration operations. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -246,7 +246,7 @@ The root node for grouping different configuration operations. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -273,7 +273,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -289,7 +289,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -312,7 +312,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. | @@ -329,7 +329,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -352,7 +352,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -369,7 +369,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -392,7 +392,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -409,7 +409,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -432,7 +432,7 @@ Properties of Win32 App ADMX Ingestion. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -448,7 +448,7 @@ Properties of Win32 App ADMX Ingestion. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -471,7 +471,7 @@ Setting Type of Win32 App. Policy Or Preference. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference | @@ -488,7 +488,7 @@ Setting Type of Win32 App. Policy Or Preference. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -511,7 +511,7 @@ Unique ID of ADMX file. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -528,7 +528,7 @@ Unique ID of ADMX file. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.1481] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1099] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.832] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.387] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later
✅ Windows 10, version 1803 [10.0.17134.1099] and later
✅ Windows 10, version 1809 [10.0.17763.832] and later
✅ Windows 10, version 1903 [10.0.18362.387] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -551,7 +551,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -567,7 +567,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -590,7 +590,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -606,7 +606,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -629,7 +629,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -646,7 +646,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -669,7 +669,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -686,7 +686,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -709,7 +709,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -725,7 +725,7 @@ Node for grouping all policies configured by one source. The configuration sourc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -756,7 +756,7 @@ The following list shows some tips to help you when configuring policies: | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | ClientInventory | @@ -773,7 +773,7 @@ The following list shows some tips to help you when configuring policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -796,7 +796,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Add, Delete, Get, Replace | | Dynamic Node Naming | ClientInventory | @@ -813,7 +813,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -836,7 +836,7 @@ Groups the evaluated policies from all providers that can be configured. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -852,7 +852,7 @@ Groups the evaluated policies from all providers that can be configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -875,7 +875,7 @@ The area group that can be configured by a single technology independent of the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -892,7 +892,7 @@ The area group that can be configured by a single technology independent of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | | @@ -915,7 +915,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Get | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index f6ee903aef..06983bfbba 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -4,7 +4,7 @@ description: Learn more about the AboveLock Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -29,7 +29,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -52,7 +52,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -78,7 +78,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -105,7 +105,7 @@ This policy setting determines whether or not the user can interact with Cortana | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -145,7 +145,7 @@ This policy setting determines whether or not the user can interact with Cortana | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -168,7 +168,7 @@ Specifies whether to allow toast notifications above the device lock screen. Mos | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index a9ee824925..ff1c2283b4 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -4,7 +4,7 @@ description: Learn more about the Accounts Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -52,7 +52,7 @@ Specifies whether user is allowed to add non-MSA email accounts. Most restricted | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -78,7 +78,7 @@ Specifies whether user is allowed to add non-MSA email accounts. Most restricted | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -101,7 +101,7 @@ Specifies whether the user is allowed to use an MSA account for non-email relate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -127,7 +127,7 @@ Specifies whether the user is allowed to use an MSA account for non-email relate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -156,7 +156,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -182,7 +182,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -204,7 +204,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -220,7 +220,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -244,7 +244,7 @@ Most restricted value is 1. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 4fa248b41e..35349050a0 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -58,7 +58,7 @@ This policy setting determines which ActiveX installation sites standard users i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index f44fba1e66..e4e8dab7ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 12cee81f73..1bac16752b 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ You can use this setting to direct users to the programs they are most likely to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ You can use this setting to direct users to the programs they are most likely to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ This setting does not prevent users from using other tools and methods to add or | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ This setting does not prevent users from using other tools and methods to add or | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -185,7 +185,7 @@ This setting does not prevent users from using other tools and methods to connec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -217,7 +217,7 @@ This setting does not prevent users from using other tools and methods to connec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -251,7 +251,7 @@ Published programs are those programs that the system administrator has explicit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -283,7 +283,7 @@ Published programs are those programs that the system administrator has explicit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -312,7 +312,7 @@ This setting does not prevent users from using other tools and methods to instal | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ This setting does not prevent users from using other tools and methods to instal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -377,7 +377,7 @@ This setting does not prevent users from using other tools and methods to instal | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -409,7 +409,7 @@ This setting does not prevent users from using other tools and methods to instal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -440,7 +440,7 @@ This setting does not prevent the Set Program Access and Defaults icon from appe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -472,7 +472,7 @@ This setting does not prevent the Set Program Access and Defaults icon from appe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -501,7 +501,7 @@ This setting does not prevent users from using other tools and methods to delete | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -533,7 +533,7 @@ This setting does not prevent users from using other tools and methods to delete | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -569,7 +569,7 @@ To remove "Set up services" and prevent the Windows Component Wizard from starti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -601,7 +601,7 @@ To remove "Set up services" and prevent the Windows Component Wizard from starti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -631,7 +631,7 @@ If you disable this setting or do not configure it, the Support Info hyperlink a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -663,7 +663,7 @@ If you disable this setting or do not configure it, the Support Info hyperlink a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -692,7 +692,7 @@ This setting does not prevent users from using other tools and methods to config | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index cac09f39c5..8a92c2eff6 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -53,7 +53,7 @@ If you disable or not configure this setting, local administrator password is NO | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -81,7 +81,7 @@ If you disable or not configure this setting, local administrator password is NO | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -106,7 +106,7 @@ When you disable or don't configure this setting, password expiration time may b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -134,7 +134,7 @@ When you disable or don't configure this setting, password expiration time may b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -159,7 +159,7 @@ When you disable or don't configure this setting, password expiration time may b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -187,7 +187,7 @@ When you disable or don't configure this setting, password expiration time may b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -214,7 +214,7 @@ If you disable or not configure this setting, local administrator password is NO | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 3347483928..f102251f4a 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -119,7 +119,7 @@ The compatibility property page displays a list of options that can be selected | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -151,7 +151,7 @@ The compatibility property page displays a list of options that can be selected | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -182,7 +182,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -248,7 +248,7 @@ This option is useful to server administrators who require faster performance an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ This option is useful to server administrators who require faster performance an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -303,7 +303,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -335,7 +335,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -367,7 +367,7 @@ The PCA monitors applications run by the user. When a potential compatibility is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -399,7 +399,7 @@ The PCA monitors applications run by the user. When a potential compatibility is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -431,7 +431,7 @@ The Inventory Collector inventories applications, files, devices, and drivers on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -463,7 +463,7 @@ The Inventory Collector inventories applications, files, devices, and drivers on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -496,7 +496,7 @@ Please reboot the system after changing the setting to ensure that your system a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -528,7 +528,7 @@ Please reboot the system after changing the setting to ensure that your system a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -557,7 +557,7 @@ Steps Recorder keeps a record of steps taken by the user. The data generated by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 13d4e6da46..3150a63469 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ User profiles for the Guest account and members of the Guests group | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 539bd887fd..6879ce0186 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting lets you control whether Windows Store apps can open files u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy setting lets you control whether Windows Store apps can open files u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy should not be enabled unless recommended by Microsoft as a security | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ This policy should not be enabled unless recommended by Microsoft as a security | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -245,7 +245,7 @@ This policy setting lets you control whether Windows Store apps can open URIs us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 9e7e114b62..bb283b2f0f 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ Using both the file handler and type data is the most restrictive option. Window | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ Using both the file handler and type data is the most restrictive option. Window | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -129,7 +129,7 @@ Low Risk: If the attachment is in the list of low-risk file types, Windows will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -160,7 +160,7 @@ Low Risk: If the attachment is in the list of low-risk file types, Windows will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -189,7 +189,7 @@ This policy setting allows you to configure the list of high-risk file types. If | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -220,7 +220,7 @@ This policy setting allows you to configure the list of high-risk file types. If | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ This policy setting allows you to configure the list of low-risk file types. If | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ This policy setting allows you to configure the list of low-risk file types. If | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -309,7 +309,7 @@ This policy setting allows you to configure the list of moderate-risk file types | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 9a29e37336..c539a033db 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ Default: Not configured | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 25dab08d2d..3eba0e7cef 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This setting affects whether the BITS client is allowed to use Windows Branch Ca | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This setting affects whether the BITS client is allowed to use Windows Branch Ca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -182,7 +182,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -243,7 +243,7 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -275,7 +275,7 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -307,7 +307,7 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -338,7 +338,7 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -370,7 +370,7 @@ You can specify a limit to use for background jobs during a maintenance schedule | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -402,7 +402,7 @@ You can specify a limit to use for background jobs during a maintenance schedule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -431,7 +431,7 @@ You can specify a limit to use for background jobs during a work schedule. For e | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -463,7 +463,7 @@ You can specify a limit to use for background jobs during a work schedule. For e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -493,7 +493,7 @@ This policy setting limits the maximum amount of disk space that can be used for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -524,7 +524,7 @@ This policy setting limits the maximum amount of disk space that can be used for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -554,7 +554,7 @@ This policy setting limits the maximum age of files in the Background Intelligen | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -585,7 +585,7 @@ This policy setting limits the maximum age of files in the Background Intelligen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -616,7 +616,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -647,7 +647,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -677,7 +677,7 @@ This policy setting limits the number of files that a BITS job can contain. By d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -708,7 +708,7 @@ This policy setting limits the number of files that a BITS job can contain. By d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -738,7 +738,7 @@ This policy setting limits the number of BITS jobs that can be created for all u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -769,7 +769,7 @@ This policy setting limits the number of BITS jobs that can be created for all u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -799,7 +799,7 @@ This policy setting limits the number of BITS jobs that can be created by a user | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -830,7 +830,7 @@ This policy setting limits the number of BITS jobs that can be created by a user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -860,7 +860,7 @@ This policy setting limits the number of ranges that can be added to a file in a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index daa8d23044..27dfe4b48e 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Link for all the cipherSuites: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -88,7 +88,7 @@ Link for all the cipherSuites: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -125,7 +125,7 @@ CertUtil.exe -DisplayEccCurve. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index f016f7dfca..dea711f95b 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 2c700395ec..1a2bd4c090 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -66,7 +66,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -98,7 +98,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -130,7 +130,7 @@ This policy setting controls the default Control Panel view, whether by category | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -162,7 +162,7 @@ This policy setting controls the default Control Panel view, whether by category | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -199,7 +199,7 @@ If users try to select a Control Panel item from the Properties item on a contex | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -231,7 +231,7 @@ If users try to select a Control Panel item from the Properties item on a contex | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -267,7 +267,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index d3031f09d2..f33a05e04a 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -112,7 +112,7 @@ This setting prevents users from using Control Panel to add, configure, or chang | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -144,7 +144,7 @@ This setting prevents users from using Control Panel to add, configure, or chang | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -173,7 +173,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -205,7 +205,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -235,7 +235,7 @@ This setting disables the theme gallery in the Personalization Control Panel. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -267,7 +267,7 @@ This setting disables the theme gallery in the Personalization Control Panel. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -294,7 +294,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -326,7 +326,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -357,7 +357,7 @@ Also, see the "Prevent changing Screen Saver" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -389,7 +389,7 @@ Also, see the "Prevent changing Screen Saver" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -421,7 +421,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -452,7 +452,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -479,7 +479,7 @@ Prevents users from changing the size of the font in the windows and buttons dis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -511,7 +511,7 @@ Prevents users from changing the size of the font in the windows and buttons dis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -538,7 +538,7 @@ If you enable this setting, the user will not be able to change their lock scree | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -570,7 +570,7 @@ If you enable this setting, the user will not be able to change their lock scree | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -601,7 +601,7 @@ If the "Force a specific Start background" policy is also set on a supported ver | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -633,7 +633,7 @@ If the "Force a specific Start background" policy is also set on a supported ver | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -662,7 +662,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -694,7 +694,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -728,7 +728,7 @@ Also, see the "Allow only bitmapped wallpaper" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -760,7 +760,7 @@ Also, see the "Allow only bitmapped wallpaper" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -789,7 +789,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -821,7 +821,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -848,7 +848,7 @@ This policy setting controls whether the lock screen appears for users. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -880,7 +880,7 @@ This policy setting controls whether the lock screen appears for users. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -907,7 +907,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -939,7 +939,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -964,7 +964,7 @@ This setting prevents users from using Control Panel to add, configure, or chang | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -996,7 +996,7 @@ This setting prevents users from using Control Panel to add, configure, or chang | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1023,7 +1023,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1055,7 +1055,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1082,7 +1082,7 @@ If this setting is enabled, the background and accent colors of Windows will be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1113,7 +1113,7 @@ If this setting is enabled, the background and accent colors of Windows will be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1148,7 +1148,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1180,7 +1180,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1217,7 +1217,7 @@ When not configured, whatever wait time is set on the client through the Screen | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1248,7 +1248,7 @@ When not configured, whatever wait time is set on the client through the Screen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1282,7 +1282,7 @@ If the specified screen saver is not installed on a computer to which this setti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1313,7 +1313,7 @@ If the specified screen saver is not installed on a computer to which this setti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1344,7 +1344,7 @@ Specifies which theme file is applied to the computer the first time a user logs | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1375,7 +1375,7 @@ Specifies which theme file is applied to the computer the first time a user logs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1413,7 +1413,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1444,7 +1444,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1471,7 +1471,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 3ec9c6ecea..3ed641d22f 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting allows an administrator to standardize the account pictures | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 5d2b50bda2..da3c48d8cb 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ This policy setting allows you to control whether a user can change the time bef | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This policy setting allows you to control whether a user can change the time bef | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -121,7 +121,7 @@ This policy setting allows the administrator to assign a specified credential pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting allows the administrator to assign a specified credential pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -189,7 +189,7 @@ credential providers available for authentication purposes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 2503db801f..cb03fe2782 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -70,7 +70,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -102,7 +102,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -139,7 +139,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -171,7 +171,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -208,7 +208,7 @@ For more information about the vulnerability and servicing requirements for prot | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -239,7 +239,7 @@ For more information about the vulnerability and servicing requirements for prot | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -279,7 +279,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -311,7 +311,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -350,7 +350,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -382,7 +382,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -421,7 +421,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -453,7 +453,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -492,7 +492,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -524,7 +524,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -561,7 +561,7 @@ This policy setting can be used in combination with the "Allow delegating defaul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -593,7 +593,7 @@ This policy setting can be used in combination with the "Allow delegating defaul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -630,7 +630,7 @@ This policy setting can be used in combination with the "Allow delegating fresh | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -662,7 +662,7 @@ This policy setting can be used in combination with the "Allow delegating fresh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -699,7 +699,7 @@ This policy setting can be used in combination with the "Allow delegating saved | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -731,7 +731,7 @@ This policy setting can be used in combination with the "Allow delegating saved | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -773,7 +773,7 @@ Require Restricted Admin: Participating applications must use Restricted Admin t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index c44cb3ba10..34059f6af3 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -113,7 +113,7 @@ If you turn this policy setting on, local users won't be able to set up and use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index aad9cb3504..7596bda38d 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ However, users are still able to change their password when prompted by the syst | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ However, users are still able to change their password when prompted by the syst | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -119,7 +119,7 @@ While locked, the desktop is hidden and the system cannot be used. Only the user | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -151,7 +151,7 @@ While locked, the desktop is hidden and the system cannot be used. Only the user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -180,7 +180,7 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -212,7 +212,7 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -241,7 +241,7 @@ Also, see the 'Remove Logoff on the Start Menu' policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index fa46076a6e..93a36d03d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ If you disable or do not configure this policy setting, then Microsoft will not | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index c922711dfd..c9cbf39829 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ Allows you to specify that local computer administrators can supplement the "Def | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ Allows you to specify that local computer administrators can supplement the "Def | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -130,7 +130,7 @@ DCOM servers added to this exemption list are only exempted if their custom laun | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 1d524fa141..c4fca8d7e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ This setting is designed to let users search Active Directory but not tempt them | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This setting is designed to let users search Active Directory but not tempt them | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -181,7 +181,7 @@ This setting is designed to protect the network and the domain controller from t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -212,7 +212,7 @@ This setting is designed to protect the network and the domain controller from t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -242,7 +242,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -274,7 +274,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -304,7 +304,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -336,7 +336,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -361,7 +361,7 @@ This is a comprehensive setting that locks down the configuration you establish | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -393,7 +393,7 @@ This is a comprehensive setting that locks down the configuration you establish | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -424,7 +424,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -456,7 +456,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -486,7 +486,7 @@ Prevents users from using the Desktop Cleanup Wizard. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -518,7 +518,7 @@ Prevents users from using the Desktop Cleanup Wizard. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -543,7 +543,7 @@ This setting does not prevent the user from starting Internet Explorer by using | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -575,7 +575,7 @@ This setting does not prevent the user from starting Internet Explorer by using | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -607,7 +607,7 @@ This setting hides Computer from the desktop and from the new Start menu. It als | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -639,7 +639,7 @@ This setting hides Computer from the desktop and from the new Start menu. It als | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -671,7 +671,7 @@ This setting does not remove the My Documents icon from the Start menu. To do so | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -703,7 +703,7 @@ This setting does not remove the My Documents icon from the Start menu. To do so | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -731,7 +731,7 @@ This setting only affects the desktop icon. It does not prevent users from conne | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -763,7 +763,7 @@ This setting only affects the desktop icon. It does not prevent users from conne | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -790,7 +790,7 @@ This setting hides Properties on the context menu for Computer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -822,7 +822,7 @@ This setting hides Properties on the context menu for Computer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -853,7 +853,7 @@ Clicks the My Documents icon, and then presses ALT+ENTER. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -885,7 +885,7 @@ Clicks the My Documents icon, and then presses ALT+ENTER. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -912,7 +912,7 @@ Remote shared folders are not added to Network Locations whenever you open a doc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -944,7 +944,7 @@ Remote shared folders are not added to Network Locations whenever you open a doc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -974,7 +974,7 @@ This setting does not prevent the user from using other methods to gain access t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1006,7 +1006,7 @@ This setting does not prevent the user from using other methods to gain access t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1033,7 +1033,7 @@ Removes the Properties option from the Recycle Bin context menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1065,7 +1065,7 @@ Removes the Properties option from the Recycle Bin context menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1090,7 +1090,7 @@ If you enable this setting, users can change the desktop, but some changes, such | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1122,7 +1122,7 @@ If you enable this setting, users can change the desktop, but some changes, such | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1149,7 +1149,7 @@ Prevents windows from being minimized or restored when the active window is shak | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1181,7 +1181,7 @@ Prevents windows from being minimized or restored when the active window is shak | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1214,7 +1214,7 @@ You can also use this setting to delete particular Web-based items from users' d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1245,7 +1245,7 @@ You can also use this setting to delete particular Web-based items from users' d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1272,7 +1272,7 @@ Also, see the "Disable all items" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1304,7 +1304,7 @@ Also, see the "Disable all items" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1334,7 +1334,7 @@ If you enable this setting, items added to the desktop cannot be closed; they al | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1366,7 +1366,7 @@ If you enable this setting, items added to the desktop cannot be closed; they al | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1395,7 +1395,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1427,7 +1427,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1452,7 +1452,7 @@ This setting disables the Properties button on the Web tab in Display in Control | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1484,7 +1484,7 @@ This setting disables the Properties button on the Web tab in Display in Control | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1512,7 +1512,7 @@ This setting removes all Active Desktop items from the desktop. It also removes | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1544,7 +1544,7 @@ This setting removes all Active Desktop items from the desktop. It also removes | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1577,7 +1577,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1609,7 +1609,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1639,7 +1639,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1671,7 +1671,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1696,7 +1696,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1728,7 +1728,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1762,7 +1762,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index c1599d017c..ca20f8c48b 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -83,7 +83,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -106,7 +106,7 @@ Changes behavior of 3rd-party drivers to work around incompatibilities introduce | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index a3552e0e6c..9db0d92210 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -64,7 +64,7 @@ If using a signed and protected policy then disabling this policy setting doesn' | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index a8f9d96912..8505373616 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting allows you to determine whether members of the Administrator | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting allows you to determine whether members of the Administrator | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ This policy setting allows you to display a custom message to users in a notific | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -147,7 +147,7 @@ This policy setting allows you to display a custom message to users in a notific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -174,7 +174,7 @@ This policy setting allows you to display a custom message title in a notificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -205,7 +205,7 @@ This policy setting allows you to display a custom message title in a notificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -232,7 +232,7 @@ This policy setting allows you to configure the number of seconds Windows waits | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -263,7 +263,7 @@ This policy setting allows you to configure the number of seconds Windows waits | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -293,7 +293,7 @@ This policy setting establishes the amount of time (in seconds) that the system | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -325,7 +325,7 @@ This policy setting establishes the amount of time (in seconds) that the system | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -357,7 +357,7 @@ This policy setting allows you to prevent Windows from installing removable devi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -389,7 +389,7 @@ This policy setting allows you to prevent Windows from installing removable devi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -416,7 +416,7 @@ This policy setting allows you to prevent Windows from creating a system restore | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -448,7 +448,7 @@ This policy setting allows you to prevent Windows from creating a system restore | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -475,7 +475,7 @@ This policy setting specifies a list of device setup class GUIDs describing driv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index c8eaa4c96c..0e5fd54ad3 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows you to turn off "Found New Hardware" balloons during | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows you to turn off "Found New Hardware" balloons during | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ If the setting for searching only if needed is specified, then Windows will sear | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index 424decf97a..99488e0ff1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting allows you to configure how often a Distributed File System | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 27e75b70be..c6b4af938a 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 1dec1d3d3f..176eaad89f 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -133,7 +133,7 @@ This policy setting takes effect only when the DPS is in the running state. When | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 1f77b069a2..680d5e448b 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ This policy setting turns off the boot and resume optimizations for the hybrid h | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ This policy setting turns off the boot and resume optimizations for the hybrid h | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -156,7 +156,7 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -188,7 +188,7 @@ This policy setting turns off all support for the non-volatile (NV) cache on all | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -220,7 +220,7 @@ This policy setting turns off all support for the non-volatile (NV) cache on all | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -252,7 +252,7 @@ This policy setting turns off the solid state mode for the hybrid hard disks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index aaf1463c9c..50d89026b3 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -65,7 +65,7 @@ To prevent users from changing the setting while a setting is in effect, the sys | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -97,7 +97,7 @@ To prevent users from changing the setting while a setting is in effect, the sys | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -133,7 +133,7 @@ Enforcement is optional. When users reach an enforced disk quota limit, the syst | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -165,7 +165,7 @@ Enforcement is optional. When users reach an enforced disk quota limit, the syst | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -200,7 +200,7 @@ This policy setting is effective only when disk quota management is enabled on t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -231,7 +231,7 @@ This policy setting is effective only when disk quota management is enabled on t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -266,7 +266,7 @@ Also, this policy setting does not affect the Quota Entries window on the Quota | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -298,7 +298,7 @@ Also, this policy setting does not affect the Quota Entries window on the Quota | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -331,7 +331,7 @@ This policy setting does not affect the Quota Entries window on the Quota tab. E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -363,7 +363,7 @@ This policy setting does not affect the Quota Entries window on the Quota tab. E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -391,7 +391,7 @@ If you disable or do not configure this policy setting, the disk quota policies | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index e1db98c378..d58880ef87 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -52,7 +52,7 @@ Specifies that Distributed Link Tracking clients in this domain may use the Dist | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 500e7c6cd8..8b260020c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -183,7 +183,7 @@ To use this policy setting, click Enabled, and then enter a string value represe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ To use this policy setting, click Enabled, and then enter a string value represe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -259,7 +259,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -291,7 +291,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -318,7 +318,7 @@ Specifies whether the DNS client should convert internationalized domain names ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -350,7 +350,7 @@ Specifies whether the DNS client should convert internationalized domain names ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -377,7 +377,7 @@ Specifies whether the DNS client should convert internationalized domain names ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -409,7 +409,7 @@ Specifies whether the DNS client should convert internationalized domain names ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -438,7 +438,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -469,7 +469,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -499,7 +499,7 @@ Specifies that responses from link local name resolution protocols received over | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -531,7 +531,7 @@ Specifies that responses from link local name resolution protocols received over | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -565,7 +565,7 @@ You can use this policy setting to prevent users, including local administrators | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -596,7 +596,7 @@ You can use this policy setting to prevent users, including local administrators | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -630,7 +630,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -662,7 +662,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -699,7 +699,7 @@ Register only if A record registration succeeds: Computers will attempt to regis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -730,7 +730,7 @@ Register only if A record registration succeeds: Computers will attempt to regis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -757,7 +757,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -789,7 +789,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -820,7 +820,7 @@ During dynamic update of resource records in a zone that does not use Secure Dyn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -852,7 +852,7 @@ During dynamic update of resource records in a zone that does not use Secure Dyn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -886,7 +886,7 @@ To specify the registration refresh interval, click Enabled and then enter a val | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -917,7 +917,7 @@ To specify the registration refresh interval, click Enabled and then enter a val | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -946,7 +946,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -977,7 +977,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1010,7 +1010,7 @@ To use this policy setting, click Enabled, and then enter a string value represe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1041,7 +1041,7 @@ To use this policy setting, click Enabled, and then enter a string value represe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1068,7 +1068,7 @@ Specifies that a multi-homed DNS client should optimize name resolution across n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1100,7 +1100,7 @@ Specifies that a multi-homed DNS client should optimize name resolution across n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1130,7 +1130,7 @@ Specifies that the DNS client should prefer responses from link local name resol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1162,7 +1162,7 @@ Specifies that the DNS client should prefer responses from link local name resol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1197,7 +1197,7 @@ Only secure - computers send only secure dynamic updates. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1228,7 +1228,7 @@ Only secure - computers send only secure dynamic updates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1257,7 +1257,7 @@ By default, a DNS client that is configured to perform dynamic DNS update will u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1289,7 +1289,7 @@ By default, a DNS client that is configured to perform dynamic DNS update will u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1334,7 +1334,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1366,7 +1366,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1395,7 +1395,7 @@ LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent usin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 1f17f0e7fa..78db3acd1f 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting controls the default color for window frames when the user d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting controls the default color for window frames when the user d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ This policy setting controls the default color for window frames when the user d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting controls the default color for window frames when the user d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -181,7 +181,7 @@ Changing this policy setting requires a logoff for it to be applied. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -213,7 +213,7 @@ Changing this policy setting requires a logoff for it to be applied. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -242,7 +242,7 @@ Changing this policy setting requires a logoff for it to be applied. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -274,7 +274,7 @@ Changing this policy setting requires a logoff for it to be applied. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -304,7 +304,7 @@ This policy setting controls the ability to change the color of window frames. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -336,7 +336,7 @@ This policy setting controls the ability to change the color of window frames. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -366,7 +366,7 @@ This policy setting controls the ability to change the color of window frames. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 2578137e94..f6800a18e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ This policy setting applies to Japanese Microsoft IME only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ This policy setting applies to Japanese Microsoft IME only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -136,7 +136,7 @@ This policy setting applies to Japanese Microsoft IME only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -167,7 +167,7 @@ This policy setting applies to Japanese Microsoft IME only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -203,7 +203,7 @@ This policy setting is applied to Japanese Microsoft IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -235,7 +235,7 @@ This policy setting is applied to Japanese Microsoft IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -267,7 +267,7 @@ This policy setting applies to Japanese Microsoft IME only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -299,7 +299,7 @@ This policy setting applies to Japanese Microsoft IME only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -333,7 +333,7 @@ This policy setting applies to Japanese Microsoft IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -365,7 +365,7 @@ This policy setting applies to Japanese Microsoft IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -396,7 +396,7 @@ This policy setting is applied to Japanese Microsoft IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -428,7 +428,7 @@ This policy setting is applied to Japanese Microsoft IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -457,7 +457,7 @@ This policy setting applies to Japanese Microsoft IME only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -489,7 +489,7 @@ This policy setting applies to Japanese Microsoft IME only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -520,7 +520,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -552,7 +552,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -583,7 +583,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -615,7 +615,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -646,7 +646,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -674,7 +674,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -705,7 +705,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -733,7 +733,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -762,7 +762,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index adb6e26f60..98d10dad33 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This setting applies only to files moved within a volume. When files are moved t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 3d25fc4f8d..9f14232190 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -173,7 +173,7 @@ This policy setting configures whether or not a password can be used to unlock a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -205,7 +205,7 @@ This policy setting configures whether or not a password can be used to unlock a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -232,7 +232,7 @@ This policy setting configures whether or not non-Enhanced Storage removable dev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -264,7 +264,7 @@ This policy setting configures whether or not non-Enhanced Storage removable dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -293,7 +293,7 @@ This policy setting is supported in Windows Server SKUs only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -325,7 +325,7 @@ This policy setting is supported in Windows Server SKUs only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -352,7 +352,7 @@ This policy setting configures whether or not only USB root hub connected Enhanc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index dfe6b2bced..1745ef8c82 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ For related information, see the Configure Error Reporting and Report Operating | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ For related information, see the Configure Error Reporting and Report Operating | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -121,7 +121,7 @@ This policy setting controls Windows Error Reporting behavior for errors in gene | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting controls Windows Error Reporting behavior for errors in gene | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -187,7 +187,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -218,7 +218,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -268,7 +268,7 @@ See related policy settings Display Error Notification (same folder as this poli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -299,7 +299,7 @@ See related policy settings Display Error Notification (same folder as this poli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -330,7 +330,7 @@ See also the Configure Error Reporting policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -362,7 +362,7 @@ See also the Configure Error Reporting policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -389,7 +389,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -421,7 +421,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -448,7 +448,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -480,7 +480,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -507,7 +507,7 @@ This policy setting controls whether memory dumps in support of OS-generated err | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -539,7 +539,7 @@ This policy setting controls whether memory dumps in support of OS-generated err | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -566,7 +566,7 @@ This policy setting controls whether memory dumps in support of OS-generated err | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -598,7 +598,7 @@ This policy setting controls whether memory dumps in support of OS-generated err | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -625,7 +625,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -657,7 +657,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -684,7 +684,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -716,7 +716,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -743,7 +743,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -775,7 +775,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -802,7 +802,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -834,7 +834,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -861,7 +861,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -893,7 +893,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -920,7 +920,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -952,7 +952,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -979,7 +979,7 @@ This policy setting specifies a corporate server to which Windows Error Reportin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1010,7 +1010,7 @@ This policy setting specifies a corporate server to which Windows Error Reportin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1047,7 +1047,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1078,7 +1078,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1105,7 +1105,7 @@ This policy setting determines the behavior of the Configure Default Consent set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1137,7 +1137,7 @@ This policy setting determines the behavior of the Configure Default Consent set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1164,7 +1164,7 @@ This policy setting determines the behavior of the Configure Default Consent set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1196,7 +1196,7 @@ This policy setting determines the behavior of the Configure Default Consent set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1231,7 +1231,7 @@ This policy setting determines the default consent behavior of Windows Error Rep | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1262,7 +1262,7 @@ This policy setting determines the default consent behavior of Windows Error Rep | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1297,7 +1297,7 @@ This policy setting determines the default consent behavior of Windows Error Rep | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1328,7 +1328,7 @@ This policy setting determines the default consent behavior of Windows Error Rep | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1355,7 +1355,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1387,7 +1387,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1416,7 +1416,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1447,7 +1447,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1476,7 +1476,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1507,7 +1507,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1534,7 +1534,7 @@ This policy setting controls whether Windows Error Reporting saves its own event | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1566,7 +1566,7 @@ This policy setting controls whether Windows Error Reporting saves its own event | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1593,7 +1593,7 @@ This policy setting controls whether Windows Error Reporting saves its own event | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1625,7 +1625,7 @@ This policy setting controls whether Windows Error Reporting saves its own event | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1652,7 +1652,7 @@ This policy setting controls whether additional data in support of error reports | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1684,7 +1684,7 @@ This policy setting controls whether additional data in support of error reports | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1713,7 +1713,7 @@ The Maximum number of reports to queue setting determines how many reports can b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1745,7 +1745,7 @@ The Maximum number of reports to queue setting determines how many reports can b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1774,7 +1774,7 @@ The Maximum number of reports to queue setting determines how many reports can b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 359c649ead..671ae2c735 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This setting applies across all subscriptions for the forwarder (source computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -88,7 +88,7 @@ This setting applies across all subscriptions for the forwarder (source computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Server=https://``:5986/wsman/SubscriptionManager/WEC,Refr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 697eed0a3b..7367be19af 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -240,7 +240,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -272,7 +272,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -302,7 +302,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -333,7 +333,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -363,7 +363,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -394,7 +394,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -424,7 +424,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -455,7 +455,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -485,7 +485,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -516,7 +516,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -545,7 +545,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -576,7 +576,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -605,7 +605,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -636,7 +636,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -665,7 +665,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -696,7 +696,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -725,7 +725,7 @@ This policy setting specifies the security descriptor to use for the log using t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -756,7 +756,7 @@ This policy setting specifies the security descriptor to use for the log using t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -786,7 +786,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -818,7 +818,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -848,7 +848,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -880,7 +880,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -910,7 +910,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -942,7 +942,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -969,7 +969,7 @@ If the policy setting is disabled, then no new events can be logged. Events can | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1001,7 +1001,7 @@ If the policy setting is disabled, then no new events can be logged. Events can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1028,7 +1028,7 @@ This policy setting controls the location of the log file. The location of the f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1059,7 +1059,7 @@ This policy setting controls the location of the log file. The location of the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1086,7 +1086,7 @@ This policy setting controls the location of the log file. The location of the f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1117,7 +1117,7 @@ This policy setting controls the location of the log file. The location of the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1144,7 +1144,7 @@ This policy setting controls the location of the log file. The location of the f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1175,7 +1175,7 @@ This policy setting controls the location of the log file. The location of the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1202,7 +1202,7 @@ This policy setting controls the location of the log file. The location of the f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1233,7 +1233,7 @@ This policy setting controls the location of the log file. The location of the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1260,7 +1260,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index cb1ff63073..3f32e259bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting lets you configure Protected Event Logging. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index 462071a83e..4152b2d2b5 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ This is the program that will be invoked when the user clicks the events.asp lin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -82,7 +82,7 @@ This is the program that will be invoked when the user clicks the events.asp lin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -105,7 +105,7 @@ This specifies the command line parameters that will be passed to the events.asp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -136,7 +136,7 @@ This specifies the command line parameters that will be passed to the events.asp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -159,7 +159,7 @@ This is the URL that will be passed to the Description area in the Event Propert | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index e14da0b40b..f7a98013c4 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ Sets the target of the More Information link that will be displayed when the use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -82,7 +82,7 @@ Sets the target of the More Information link that will be displayed when the use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -115,7 +115,7 @@ This policy setting configures File Explorer to always display the menu bar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -147,7 +147,7 @@ This policy setting configures File Explorer to always display the menu bar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -172,7 +172,7 @@ If you enable this policy setting on a machine that does not contain all program | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -204,7 +204,7 @@ If you enable this policy setting on a machine that does not contain all program | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -234,7 +234,7 @@ This policy setting allows administrators to prevent users from adding new items | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -266,7 +266,7 @@ This policy setting allows administrators to prevent users from adding new items | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -289,7 +289,7 @@ This policy is similar to settings directly available to computer users. Disabli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index 1eaf7b6be0..b92d628508 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ This policy setting controls whether the PC will boot to Windows To Go if a USB | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ This policy setting controls whether the PC will boot to Windows To Go if a USB | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -175,7 +175,7 @@ Specifies whether the PC can use standby sleep states (S1-S3) when starting from | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index 27d6d8ed74..6282a944ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -69,7 +69,7 @@ No system or service restarts are required for changes to this policy to take im | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 3e63382c0b..173917b501 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index c58f793f4f..e0a97756bf 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ By default, the RPC protocol message between File Server VSS provider and File S | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 0f8c5a111c..e8e81ba85c 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -53,7 +53,7 @@ A reboot is required for this setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -85,7 +85,7 @@ A reboot is required for this setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -111,7 +111,7 @@ A value of 1 will disable delete notifications for all volumes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -143,7 +143,7 @@ A value of 1 will disable delete notifications for all volumes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -168,7 +168,7 @@ A reboot is required for this setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -200,7 +200,7 @@ A reboot is required for this setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -223,7 +223,7 @@ Encrypting the page file prevents malicious users from reading data that has bee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -255,7 +255,7 @@ Encrypting the page file prevents malicious users from reading data that has bee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -278,7 +278,7 @@ Enabling Win32 long paths will allow manifested win32 applications and Windows S | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -310,7 +310,7 @@ Enabling Win32 long paths will allow manifested win32 applications and Windows S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -335,7 +335,7 @@ If you enable short names on all volumes then short names will always be generat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -366,7 +366,7 @@ If you enable short names on all volumes then short names will always be generat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -399,7 +399,7 @@ For further information please refer to the Windows Help section | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -431,7 +431,7 @@ For further information please refer to the Windows Help section | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -454,7 +454,7 @@ TXF deprecated features included savepoints, secondary RM, miniversion and roll | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 424005b4ff..85dfacc588 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -64,7 +64,7 @@ This policy setting allows you to control whether all redirected shell folders, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -96,7 +96,7 @@ This policy setting allows you to control whether all redirected shell folders, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -129,7 +129,7 @@ If you disable or do not configure this policy setting, all redirected shell fol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -160,7 +160,7 @@ If you disable or do not configure this policy setting, all redirected shell fol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -187,7 +187,7 @@ This policy setting controls whether the contents of redirected folders is copie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -219,7 +219,7 @@ This policy setting controls whether the contents of redirected folders is copie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ This policy setting allows the administrator to define whether Folder Redirectio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ This policy setting allows the administrator to define whether Folder Redirectio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -311,7 +311,7 @@ This policy setting allows the administrator to define whether Folder Redirectio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -343,7 +343,7 @@ This policy setting allows the administrator to define whether Folder Redirectio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -375,7 +375,7 @@ To designate a user's primary computers, an administrator must use management so | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -407,7 +407,7 @@ To designate a user's primary computers, an administrator must use management so | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -439,7 +439,7 @@ To designate a user's primary computers, an administrator must use management so | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 2f606ca169..82c7531c07 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ If you disable, or do not configure this policy setting, the Details Pane is hid | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ If you disable, or do not configure this policy setting, the Details Pane is hid | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ If you disable, or do not configure this setting, the Preview Pane is hidden by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 6b6547e73a..55105cb653 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ No system restart or service restart is required for this policy setting to take | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 03d6b59d85..d81c3def66 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Note this does not affect the availability of user input methods on the lock scr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Note this does not affect the availability of user input methods on the lock scr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -126,7 +126,7 @@ To set this policy setting on a per-user basis, make sure that you do not config | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -158,7 +158,7 @@ To set this policy setting on a per-user basis, make sure that you do not config | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -195,7 +195,7 @@ To set this policy setting on a per-user basis, make sure that you do not config | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -227,7 +227,7 @@ To set this policy setting on a per-user basis, make sure that you do not config | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -259,7 +259,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -291,7 +291,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -323,7 +323,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -355,7 +355,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -387,7 +387,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -419,7 +419,7 @@ This policy setting is used only to simplify the Regional Options control panel. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -448,7 +448,7 @@ This policy setting is used only to simplify the Regional and Language Options c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -480,7 +480,7 @@ This policy setting is used only to simplify the Regional and Language Options c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -524,7 +524,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -555,7 +555,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -599,7 +599,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -630,7 +630,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -659,7 +659,7 @@ The locale list is specified using language names, separated by a semicolon (;). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -691,7 +691,7 @@ The locale list is specified using language names, separated by a semicolon (;). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -726,7 +726,7 @@ The locale list is specified using language tags, separated by a semicolon (;). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -758,7 +758,7 @@ The locale list is specified using language tags, separated by a semicolon (;). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -793,7 +793,7 @@ The locale list is specified using language tags, separated by a semicolon (;). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -825,7 +825,7 @@ The locale list is specified using language tags, separated by a semicolon (;). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -854,7 +854,7 @@ This is a policy setting for computers with more than one UI language installed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -885,7 +885,7 @@ This is a policy setting for computers with more than one UI language installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -916,7 +916,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -947,7 +947,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -980,7 +980,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1012,7 +1012,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1045,7 +1045,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1077,7 +1077,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1112,7 +1112,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1144,7 +1144,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1179,7 +1179,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1211,7 +1211,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1240,7 +1240,7 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1271,7 +1271,7 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1302,7 +1302,7 @@ Note that the availability and function of this setting is dependent on supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1334,7 +1334,7 @@ Note that the availability and function of this setting is dependent on supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1365,7 +1365,7 @@ Note that the availability and function of this setting is dependent on supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1397,7 +1397,7 @@ Note that the availability and function of this setting is dependent on supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1428,7 +1428,7 @@ Note that the availability and function of this setting is dependent on supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1460,7 +1460,7 @@ Note that the availability and function of this setting is dependent on supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1491,7 +1491,7 @@ Note that the availability and function of this setting is dependent on supporte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1523,7 +1523,7 @@ Note that the availability and function of this setting is dependent on supporte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1554,7 +1554,7 @@ For example, the default value, 2029, specifies that all two-digit years less th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 09b33d7603..d6bf0cde71 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -64,7 +64,7 @@ This policy setting affects all user accounts that interactively log on to a com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -96,7 +96,7 @@ This policy setting affects all user accounts that interactively log on to a com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ This policy setting specifies how long Group Policy should wait for workplace co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ This policy setting specifies how long Group Policy should wait for workplace co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -188,7 +188,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -219,7 +219,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -255,7 +255,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -286,7 +286,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -322,7 +322,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -353,7 +353,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -387,7 +387,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -418,7 +418,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -454,7 +454,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -485,7 +485,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -521,7 +521,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -552,7 +552,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -584,7 +584,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -615,7 +615,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -649,7 +649,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -680,7 +680,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -714,7 +714,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -745,7 +745,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -782,7 +782,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -813,7 +813,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -850,7 +850,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -881,7 +881,7 @@ The "Process even if the Group Policy objects have not changed" option updates a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -921,7 +921,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -953,7 +953,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -993,7 +993,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1025,7 +1025,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1048,7 +1048,7 @@ This policy setting prevents the Group Policy Client Service from stopping when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1080,7 +1080,7 @@ This policy setting prevents the Group Policy Client Service from stopping when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1112,7 +1112,7 @@ Changing the status of this setting to Disabled will enforce the default behavio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1144,7 +1144,7 @@ Changing the status of this setting to Disabled will enforce the default behavio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1174,7 +1174,7 @@ This policy setting prevents Group Policy from being updated while the computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1206,7 +1206,7 @@ This policy setting prevents Group Policy from being updated while the computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1238,7 +1238,7 @@ By default, the policy settings in Local GPOs are applied before any domain-base | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1270,7 +1270,7 @@ By default, the policy settings in Local GPOs are applied before any domain-base | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1305,7 +1305,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1337,7 +1337,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1366,7 +1366,7 @@ This policy setting determines whether the Windows device is allowed to particip | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1398,7 +1398,7 @@ This policy setting determines whether the Windows device is allowed to particip | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1429,7 +1429,7 @@ The timeout value that is defined in this policy setting determines how long Gro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1461,7 +1461,7 @@ The timeout value that is defined in this policy setting determines how long Gro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1489,7 +1489,7 @@ The timeout value that is defined in this policy setting determines how long Gro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1521,7 +1521,7 @@ The timeout value that is defined in this policy setting determines how long Gro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1550,7 +1550,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1582,7 +1582,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1616,7 +1616,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1648,7 +1648,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1671,7 +1671,7 @@ This security feature provides a global setting to prevent programs from loading | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1702,7 +1702,7 @@ This security feature provides a global setting to prevent programs from loading | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1738,7 +1738,7 @@ This policy setting determines which domain controller the Group Policy Object E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1769,7 +1769,7 @@ This policy setting determines which domain controller the Group Policy Object E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1807,7 +1807,7 @@ Also, see the "Do not detect slow network connections" and related policies in C | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1838,7 +1838,7 @@ Also, see the "Do not detect slow network connections" and related policies in C | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1876,7 +1876,7 @@ Also, see the "Do not detect slow network connections" and related policies in C | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1907,7 +1907,7 @@ Also, see the "Do not detect slow network connections" and related policies in C | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1947,7 +1947,7 @@ This setting is only used when the "Turn off background refresh of Group Policy" | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1978,7 +1978,7 @@ This setting is only used when the "Turn off background refresh of Group Policy" | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2012,7 +2012,7 @@ This setting also lets you specify how much the actual update interval varies. T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2043,7 +2043,7 @@ This setting also lets you specify how much the actual update interval varies. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2085,7 +2085,7 @@ This setting also lets you specify how much the actual update interval varies. T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2116,7 +2116,7 @@ This setting also lets you specify how much the actual update interval varies. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2149,7 +2149,7 @@ By default, the Group Policy client waits five minutes before running logon scri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2181,7 +2181,7 @@ By default, the Group Policy client waits five minutes before running logon scri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2210,7 +2210,7 @@ If this setting is Disabled or Not Configured, the default display name of New G | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2241,7 +2241,7 @@ If this setting is Disabled or Not Configured, the default display name of New G | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2268,7 +2268,7 @@ This policy setting allows you to create new Group Policy object links in the di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2300,7 +2300,7 @@ This policy setting allows you to create new Group Policy object links in the di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2344,7 +2344,7 @@ This leads to the following behavior: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2376,7 +2376,7 @@ This leads to the following behavior: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2424,7 +2424,7 @@ Setting flags not specified here to any value other than ? results in undefined | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2455,7 +2455,7 @@ Setting flags not specified here to any value other than ? results in undefined | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2478,7 +2478,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2510,7 +2510,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2542,7 +2542,7 @@ RSoP logs information on Group Policy settings that have been applied to the cli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2574,7 +2574,7 @@ RSoP logs information on Group Policy settings that have been applied to the cli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2606,7 +2606,7 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2638,7 +2638,7 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2673,7 +2673,7 @@ Note There are two conditions that will cause Group Policy to be processed synch | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2705,7 +2705,7 @@ Note There are two conditions that will cause Group Policy to be processed synch | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2732,7 +2732,7 @@ This policy setting specifies how long Group Policy should wait for network avai | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2763,7 +2763,7 @@ This policy setting specifies how long Group Policy should wait for network avai | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2801,7 +2801,7 @@ By default, the user's Group Policy Objects determine which user settings apply. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index ffa08b71c4..37b6bab922 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -130,7 +130,7 @@ For additional options, see the "Restrict these programs from being launched fro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -161,7 +161,7 @@ For additional options, see the "Restrict these programs from being launched fro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -194,7 +194,7 @@ This policy setting allows you to restrict programs from being run from online H | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -225,7 +225,7 @@ This policy setting allows you to restrict programs from being run from online H | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -258,7 +258,7 @@ This policy setting allows you to restrict programs from being run from online H | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 88e1654ffb..6a5196435b 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting specifies whether active content links in trusted assistance | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting specifies whether active content links in trusted assistance | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ Users can use the control to provide feedback on the quality and usefulness of t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ Users can use the control to provide feedback on the quality and usefulness of t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -175,7 +175,7 @@ This policy setting specifies whether users can participate in the Help Experien | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -207,7 +207,7 @@ This policy setting specifies whether users can participate in the Help Experien | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -234,7 +234,7 @@ This policy setting specifies whether users can search and view content from Win | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index faaed56b32..65215b4418 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ If a WLAN hotspot supports the WISPr protocol, users can submit credentials when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index e64028904f..87ad65829d 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting turns off the Windows Customer Experience Improvement Progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting turns off the Windows Customer Experience Improvement Progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Typically, a certificate is used when you use a secure website or when you send | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ Typically, a certificate is used when you use a secure website or when you send | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -216,7 +216,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -248,7 +248,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -314,7 +314,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -346,7 +346,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -375,7 +375,7 @@ The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -407,7 +407,7 @@ The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -438,7 +438,7 @@ You might want to enable this policy setting for users who do not have Internet | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -470,7 +470,7 @@ You might want to enable this policy setting for users who do not have Internet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -499,7 +499,7 @@ The Knowledge Base is an online source of technical support information and self | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -531,7 +531,7 @@ The Knowledge Base is an online source of technical support information and self | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -560,7 +560,7 @@ This policy setting specifies whether Windows can access the Internet to accompl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -592,7 +592,7 @@ This policy setting specifies whether Windows can access the Internet to accompl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -621,7 +621,7 @@ This policy setting specifies whether Windows can access the Internet to accompl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -653,7 +653,7 @@ This policy setting specifies whether Windows can access the Internet to accompl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -680,7 +680,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -712,7 +712,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -741,7 +741,7 @@ Note that registration is optional and involves submitting some personal informa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -773,7 +773,7 @@ Note that registration is optional and involves submitting some personal informa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -806,7 +806,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -837,7 +837,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -867,7 +867,7 @@ This policy setting allows you to remove access to Windows Update. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -899,7 +899,7 @@ This policy setting allows you to remove access to Windows Update. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -931,7 +931,7 @@ When users search the local computer or the Internet, Search Companion occasiona | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -963,7 +963,7 @@ When users search the local computer or the Internet, Search Companion occasiona | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -992,7 +992,7 @@ When a user opens a file that has an extension that is not associated with any a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1024,7 +1024,7 @@ When a user opens a file that has an extension that is not associated with any a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1053,7 +1053,7 @@ When a user opens a file that has an extension that is not associated with any a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1085,7 +1085,7 @@ When a user opens a file that has an extension that is not associated with any a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1114,7 +1114,7 @@ When a user opens a file type or protocol that is not associated with any applic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1146,7 +1146,7 @@ When a user opens a file type or protocol that is not associated with any applic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1175,7 +1175,7 @@ When a user opens a file type or protocol that is not associated with any applic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1207,7 +1207,7 @@ When a user opens a file type or protocol that is not associated with any applic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1238,7 +1238,7 @@ See the documentation for the web publishing and online ordering wizards for mor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1270,7 +1270,7 @@ See the documentation for the web publishing and online ordering wizards for mor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1299,7 +1299,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1331,7 +1331,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1360,7 +1360,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1392,7 +1392,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1421,7 +1421,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1453,7 +1453,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1482,7 +1482,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1514,7 +1514,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1545,7 +1545,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1577,7 +1577,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1608,7 +1608,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 8bb9180356..4723887660 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -54,7 +54,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index 7e452b36f8..d595d630eb 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ If enabled then new iSNS servers may not be added and thus new targets discovere | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -83,7 +83,7 @@ If enabled then new iSNS servers may not be added and thus new targets discovere | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -106,7 +106,7 @@ If enabled then new target portals may not be added and thus new targets discove | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -138,7 +138,7 @@ If enabled then new target portals may not be added and thus new targets discove | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -161,7 +161,7 @@ If enabled then discovered targets may not be manually configured. If disabled t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -193,7 +193,7 @@ If enabled then discovered targets may not be manually configured. If disabled t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -216,7 +216,7 @@ If enabled then new targets may not be manually configured by entering the targe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -248,7 +248,7 @@ If enabled then new targets may not be manually configured by entering the targe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -271,7 +271,7 @@ If enabled then do not allow the initiator iqn name to be changed. If disabled t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -303,7 +303,7 @@ If enabled then do not allow the initiator iqn name to be changed. If disabled t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -326,7 +326,7 @@ If enabled then only those sessions that are established via a persistent login | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -358,7 +358,7 @@ If enabled then only those sessions that are established via a persistent login | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -381,7 +381,7 @@ If enabled then do not allow the initiator CHAP secret to be changed. If disable | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -413,7 +413,7 @@ If enabled then do not allow the initiator CHAP secret to be changed. If disable | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -436,7 +436,7 @@ If enabled then only those connections that are configured for IPSec may be esta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -468,7 +468,7 @@ If enabled then only those connections that are configured for IPSec may be esta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -491,7 +491,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -523,7 +523,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -546,7 +546,7 @@ If enabled then only those sessions that are configured for one-way CHAP may be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 6bd45aa619..59d1ad1721 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -81,7 +81,7 @@ Impact on domain controller performance when this policy setting is enabled: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -113,7 +113,7 @@ Impact on domain controller performance when this policy setting is enabled: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -145,7 +145,7 @@ For Windows Logon to leverage this feature, the "Display information about previ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -177,7 +177,7 @@ For Windows Logon to leverage this feature, the "Display information about previ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -206,7 +206,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -238,7 +238,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -271,7 +271,7 @@ Required: PKInit Freshness Extension is required for successful authentication. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -302,7 +302,7 @@ Required: PKInit Freshness Extension is required for successful authentication. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -332,7 +332,7 @@ This policy setting allows you to configure a domain controller to request compo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -364,7 +364,7 @@ This policy setting allows you to configure a domain controller to request compo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -391,7 +391,7 @@ This policy setting allows you to configure at what size Kerberos tickets will t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 9b5b04a23d..8064ca30a9 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting controls whether a device always sends a compound authentica | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting controls whether a device always sends a compound authentica | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ Force: Device will always authenticate using its certificate. If a DC cannot be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -156,7 +156,7 @@ Force: Device will always authenticate using its certificate. If a DC cannot be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -185,7 +185,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -217,7 +217,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -247,7 +247,7 @@ This policy setting allows you to disable revocation check for the SSL certifica | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -279,7 +279,7 @@ This policy setting allows you to disable revocation check for the SSL certifica | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -306,7 +306,7 @@ This policy setting configures the Kerberos client's mapping to KDC proxy server | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -338,7 +338,7 @@ This policy setting configures the Kerberos client's mapping to KDC proxy server | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -367,7 +367,7 @@ This policy setting configures the Kerberos client so that it can authenticate w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -399,7 +399,7 @@ This policy setting configures the Kerberos client so that it can authenticate w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -435,7 +435,7 @@ Always: Compound authentication is always provided for this computer account. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -467,7 +467,7 @@ Always: Compound authentication is always provided for this computer account. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -494,7 +494,7 @@ This policy setting allows you to configure this server so that Kerberos can dec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 8797d0788c..5f36e5d7f4 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -73,7 +73,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -104,7 +104,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -145,7 +145,7 @@ In circumstances where this policy setting is enabled, you can also select the f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -176,7 +176,7 @@ In circumstances where this policy setting is enabled, you can also select the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -221,7 +221,7 @@ Hash version supported: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -252,7 +252,7 @@ Hash version supported: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -282,7 +282,7 @@ This policy setting determines how the SMB server selects a cipher suite when ne | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 570620c9fe..77bf2e4301 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -74,7 +74,7 @@ AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -105,7 +105,7 @@ AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -135,7 +135,7 @@ This policy setting determines the behavior of SMB handle caching for clients co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -167,7 +167,7 @@ This policy setting determines the behavior of SMB handle caching for clients co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -197,7 +197,7 @@ This policy setting determines the behavior of Offline Files on clients connecti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index 4cb2d9618a..bac5ee83d9 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -66,7 +66,7 @@ For Windows Server systems, this policy setting applies only if the Desktop Expe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index cb378bccaa..e9d07bfeca 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ The Responder allows a computer to participate in Link Layer Topology Discovery | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index 0cd5e91ebf..6d99e67a98 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting turns off the Windows Location Provider feature for this com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 45c71aa99d..0b651742b0 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy prevents the user from showing account details (email address or use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy prevents the user from showing account details (email address or use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -113,7 +113,7 @@ This policy setting disables the acrylic blur effect on logon background image. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -145,7 +145,7 @@ This policy setting disables the acrylic blur effect on logon background image. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -181,7 +181,7 @@ Also, see the "Do not process the run once list" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -213,7 +213,7 @@ Also, see the "Do not process the run once list" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ Also, see the "Do not process the run once list" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ Also, see the "Do not process the run once list" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -317,7 +317,7 @@ Also, see the "Do not process the legacy run list" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -349,7 +349,7 @@ Also, see the "Do not process the legacy run list" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -385,7 +385,7 @@ Also, see the "Do not process the legacy run list" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -417,7 +417,7 @@ Also, see the "Do not process the legacy run list" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -444,7 +444,7 @@ This policy setting suppresses system status messages. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -476,7 +476,7 @@ This policy setting suppresses system status messages. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -503,7 +503,7 @@ This policy setting prevents connected users from being enumerated on domain-joi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -535,7 +535,7 @@ This policy setting prevents connected users from being enumerated on domain-joi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -572,7 +572,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -604,7 +604,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -641,7 +641,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -673,7 +673,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -707,7 +707,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -738,7 +738,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -772,7 +772,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -803,7 +803,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -847,7 +847,7 @@ Note | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -879,7 +879,7 @@ Note | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -908,7 +908,7 @@ This policy setting may be used to make Windows give preference to a custom logo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -940,7 +940,7 @@ This policy setting may be used to make Windows give preference to a custom logo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -972,7 +972,7 @@ This policy setting is designed for advanced users who require this information. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index b060939d52..a6779046e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting controls the load priority for the antimalware service. Incr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting controls the load priority for the antimalware service. Incr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -216,7 +216,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -308,7 +308,7 @@ This policy setting controls whether or not complex list settings configured by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -340,7 +340,7 @@ This policy setting controls whether or not complex list settings configured by | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -371,7 +371,7 @@ Real-time protection consists of always-on scanning with file and process behavi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -403,7 +403,7 @@ Real-time protection consists of always-on scanning with file and process behavi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -432,7 +432,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -464,7 +464,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -489,7 +489,7 @@ This policy setting allows you specify a list of file types that should be exclu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -521,7 +521,7 @@ This policy setting allows you specify a list of file types that should be exclu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -546,7 +546,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -578,7 +578,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -603,7 +603,7 @@ This policy setting allows you to disable real-time scanning for any file opened | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -635,7 +635,7 @@ This policy setting allows you to disable real-time scanning for any file opened | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -673,7 +673,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -705,7 +705,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -769,7 +769,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -801,7 +801,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -841,7 +841,7 @@ Default system folders are automatically guarded, but you can add folders in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -873,7 +873,7 @@ Default system folders are automatically guarded, but you can add folders in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -914,7 +914,7 @@ Microsoft Defender Antivirus automatically determines which applications can be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -946,7 +946,7 @@ Microsoft Defender Antivirus automatically determines which applications can be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -978,7 +978,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1010,7 +1010,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1037,7 +1037,7 @@ This policy setting allows you to configure definition retirement for network pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1069,7 +1069,7 @@ This policy setting allows you to configure definition retirement for network pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1092,7 +1092,7 @@ This policy setting defines additional definition sets to enable for network tra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1124,7 +1124,7 @@ This policy setting defines additional definition sets to enable for network tra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1151,7 +1151,7 @@ This policy setting allows you to configure protocol recognition for network pro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1183,7 +1183,7 @@ This policy setting allows you to configure protocol recognition for network pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1210,7 +1210,7 @@ This policy, if defined, will prevent antimalware from using the configured prox | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1241,7 +1241,7 @@ This policy, if defined, will prevent antimalware from using the configured prox | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1276,7 +1276,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1307,7 +1307,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1342,7 +1342,7 @@ This policy setting allows you to configure the named proxy that should be used | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1373,7 +1373,7 @@ This policy setting allows you to configure the named proxy that should be used | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1400,7 +1400,7 @@ This policy setting configures a local override for the configuration of the num | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1432,7 +1432,7 @@ This policy setting configures a local override for the configuration of the num | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1459,7 +1459,7 @@ This policy setting defines the number of days items should be kept in the Quara | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1491,7 +1491,7 @@ This policy setting defines the number of days items should be kept in the Quara | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1518,7 +1518,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1550,7 +1550,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1579,7 +1579,7 @@ This policy setting allows you to configure behavior monitoring. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1611,7 +1611,7 @@ This policy setting allows you to configure behavior monitoring. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1640,7 +1640,7 @@ This policy setting allows you to configure scanning for all downloaded files an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1672,7 +1672,7 @@ This policy setting allows you to configure scanning for all downloaded files an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1701,7 +1701,7 @@ This policy setting allows you to configure monitoring for file and program acti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1733,7 +1733,7 @@ This policy setting allows you to configure monitoring for file and program acti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1760,7 +1760,7 @@ This policy setting controls whether raw volume write notifications are sent to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1792,7 +1792,7 @@ This policy setting controls whether raw volume write notifications are sent to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1821,7 +1821,7 @@ This policy setting allows you to configure process scanning when real-time prot | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1853,7 +1853,7 @@ This policy setting allows you to configure process scanning when real-time prot | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1880,7 +1880,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1912,7 +1912,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1939,7 +1939,7 @@ This policy setting configures a local override for the configuration of behavio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1971,7 +1971,7 @@ This policy setting configures a local override for the configuration of behavio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1998,7 +1998,7 @@ This policy setting configures a local override for the configuration of scannin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2030,7 +2030,7 @@ This policy setting configures a local override for the configuration of scannin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2057,7 +2057,7 @@ This policy setting configures a local override for the configuration of monitor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2089,7 +2089,7 @@ This policy setting configures a local override for the configuration of monitor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2116,7 +2116,7 @@ This policy setting configures a local override for the configuration to turn on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2148,7 +2148,7 @@ This policy setting configures a local override for the configuration to turn on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2175,7 +2175,7 @@ This policy setting configures a local override for the configuration of monitor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2207,7 +2207,7 @@ This policy setting configures a local override for the configuration of monitor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2234,7 +2234,7 @@ This policy setting configures a local override for the configuration of the tim | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2266,7 +2266,7 @@ This policy setting configures a local override for the configuration of the tim | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2304,7 +2304,7 @@ This setting can be configured with the following ordinal number values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2336,7 +2336,7 @@ This setting can be configured with the following ordinal number values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2363,7 +2363,7 @@ This policy setting allows you to specify the time of day at which to perform a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2395,7 +2395,7 @@ This policy setting allows you to specify the time of day at which to perform a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2418,7 +2418,7 @@ This policy setting configures the time in minutes before a detection in the "ad | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2450,7 +2450,7 @@ This policy setting configures the time in minutes before a detection in the "ad | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2473,7 +2473,7 @@ This policy setting configures the time in minutes before a detection in the "cr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2505,7 +2505,7 @@ This policy setting configures the time in minutes before a detection in the "cr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2534,7 +2534,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2566,7 +2566,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2593,7 +2593,7 @@ This policy setting allows you to configure whether or not Watson events are sen | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2625,7 +2625,7 @@ This policy setting allows you to configure whether or not Watson events are sen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2648,7 +2648,7 @@ This policy setting configures the time in minutes before a detection in the "no | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2680,7 +2680,7 @@ This policy setting configures the time in minutes before a detection in the "no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2703,7 +2703,7 @@ This policy setting configures the time in minutes before a detection in the "co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2735,7 +2735,7 @@ This policy setting configures the time in minutes before a detection in the "co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2758,7 +2758,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2790,7 +2790,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2818,7 +2818,7 @@ Tracing levels are defined as: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2850,7 +2850,7 @@ Tracing levels are defined as: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2877,7 +2877,7 @@ This policy setting allows you to manage whether or not end users can pause a sc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2909,7 +2909,7 @@ This policy setting allows you to manage whether or not end users can pause a sc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2936,7 +2936,7 @@ This policy setting allows you to configure the maximum directory depth level in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2968,7 +2968,7 @@ This policy setting allows you to configure the maximum directory depth level in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2995,7 +2995,7 @@ This policy setting allows you to configure the maximum size of archive files su | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3027,7 +3027,7 @@ This policy setting allows you to configure the maximum size of archive files su | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3056,7 +3056,7 @@ This policy setting allows you to configure scans for malicious software and unw | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3088,7 +3088,7 @@ This policy setting allows you to configure scans for malicious software and unw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3115,7 +3115,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3147,7 +3147,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3174,7 +3174,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3206,7 +3206,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3228,7 +3228,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3256,7 +3256,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3283,7 +3283,7 @@ This policy setting allows you to manage whether or not to scan for malicious so | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3315,7 +3315,7 @@ This policy setting allows you to manage whether or not to scan for malicious so | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3342,7 +3342,7 @@ This policy setting allows you to configure reparse point scanning. If you allow | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3374,7 +3374,7 @@ This policy setting allows you to configure reparse point scanning. If you allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3401,7 +3401,7 @@ This policy setting allows you to create a system restore point on the computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3433,7 +3433,7 @@ This policy setting allows you to create a system restore point on the computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3460,7 +3460,7 @@ This policy setting allows you to configure scanning mapped network drives. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3492,7 +3492,7 @@ This policy setting allows you to configure scanning mapped network drives. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3519,7 +3519,7 @@ This policy setting allows you to configure scanning for network files. It is re | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3551,7 +3551,7 @@ This policy setting allows you to configure scanning for network files. It is re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3578,7 +3578,7 @@ This policy setting configures a local override for the configuration of maximum | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3610,7 +3610,7 @@ This policy setting configures a local override for the configuration of maximum | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3637,7 +3637,7 @@ This policy setting configures a local override for the configuration of the sca | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3669,7 +3669,7 @@ This policy setting configures a local override for the configuration of the sca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3696,7 +3696,7 @@ This policy setting configures a local override for the configuration of schedul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3728,7 +3728,7 @@ This policy setting configures a local override for the configuration of schedul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3755,7 +3755,7 @@ This policy setting configures a local override for the configuration of schedul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3787,7 +3787,7 @@ This policy setting configures a local override for the configuration of schedul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3814,7 +3814,7 @@ This policy setting configures a local override for the configuration of schedul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3846,7 +3846,7 @@ This policy setting configures a local override for the configuration of schedul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3873,7 +3873,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3905,7 +3905,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3932,7 +3932,7 @@ This policy setting allows you to define the number of consecutive scheduled sca | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3964,7 +3964,7 @@ This policy setting allows you to define the number of consecutive scheduled sca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3991,7 +3991,7 @@ This policy setting defines the number of days items should be kept in the scan | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4023,7 +4023,7 @@ This policy setting defines the number of days items should be kept in the scan | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4050,7 +4050,7 @@ This policy setting allows you to specify an interval at which to perform a quic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4082,7 +4082,7 @@ This policy setting allows you to specify an interval at which to perform a quic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4109,7 +4109,7 @@ This policy setting allows you to configure scheduled scans to start only when y | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4141,7 +4141,7 @@ This policy setting allows you to configure scheduled scans to start only when y | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4179,7 +4179,7 @@ This setting can be configured with the following ordinal number values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4211,7 +4211,7 @@ This setting can be configured with the following ordinal number values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4238,7 +4238,7 @@ This policy setting allows you to specify the time of day at which to perform a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4270,7 +4270,7 @@ This policy setting allows you to specify the time of day at which to perform a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4297,7 +4297,7 @@ This policy setting allows you to configure whether or not the antimalware servi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4329,7 +4329,7 @@ This policy setting allows you to configure whether or not the antimalware servi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4356,7 +4356,7 @@ This policy setting allows you to define the number of days that must pass befor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4388,7 +4388,7 @@ This policy setting allows you to define the number of days that must pass befor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4415,7 +4415,7 @@ This policy setting allows you to define the number of days that must pass befor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4447,7 +4447,7 @@ This policy setting allows you to define the number of days that must pass befor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4474,7 +4474,7 @@ This policy setting allows you to configure UNC file share sources for downloadi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4505,7 +4505,7 @@ This policy setting allows you to configure UNC file share sources for downloadi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4532,7 +4532,7 @@ This policy setting allows you to configure the automatic scan which starts afte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4564,7 +4564,7 @@ This policy setting allows you to configure the automatic scan which starts afte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4591,7 +4591,7 @@ This policy setting allows you to configure security intelligence updates when t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4623,7 +4623,7 @@ This policy setting allows you to configure security intelligence updates when t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4650,7 +4650,7 @@ This policy setting allows you to configure security intelligence updates on sta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4682,7 +4682,7 @@ This policy setting allows you to configure security intelligence updates on sta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4711,7 +4711,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4742,7 +4742,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4769,7 +4769,7 @@ This policy setting allows you to enable download of security intelligence updat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4801,7 +4801,7 @@ This policy setting allows you to enable download of security intelligence updat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4828,7 +4828,7 @@ This policy setting allows you to enable real-time security intelligence updates | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4860,7 +4860,7 @@ This policy setting allows you to enable real-time security intelligence updates | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4898,7 +4898,7 @@ This setting can be configured with the following ordinal number values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4930,7 +4930,7 @@ This setting can be configured with the following ordinal number values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4957,7 +4957,7 @@ This policy setting allows you to specify the time of day at which to check for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4989,7 +4989,7 @@ This policy setting allows you to specify the time of day at which to check for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5014,7 +5014,7 @@ If you disable or do not configure this setting, security intelligence will be r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5045,7 +5045,7 @@ If you disable or do not configure this setting, security intelligence will be r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5072,7 +5072,7 @@ This policy setting allows you to configure the antimalware service to receive n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5104,7 +5104,7 @@ This policy setting allows you to configure the antimalware service to receive n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5131,7 +5131,7 @@ This policy setting allows you to define the number of days after which a catch- | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5163,7 +5163,7 @@ This policy setting allows you to define the number of days after which a catch- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5190,7 +5190,7 @@ This policy setting allows you to manage whether a check for new virus and spywa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5222,7 +5222,7 @@ This policy setting allows you to manage whether a check for new virus and spywa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5249,7 +5249,7 @@ This policy setting configures a local override for the configuration to join Mi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5281,7 +5281,7 @@ This policy setting configures a local override for the configuration to join Mi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5321,7 +5321,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5353,7 +5353,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5381,7 +5381,7 @@ Valid remediation action values are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5413,7 +5413,7 @@ Valid remediation action values are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5440,7 +5440,7 @@ This policy setting allows you to configure whether or not to display additional | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5471,7 +5471,7 @@ This policy setting allows you to configure whether or not to display additional | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5499,7 +5499,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5531,7 +5531,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5558,7 +5558,7 @@ If you enable this setting AM UI won't show reboot notifications. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5590,7 +5590,7 @@ If you enable this setting AM UI won't show reboot notifications. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5614,7 +5614,7 @@ If you enable this setting AM UI won't be available to users. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 5d97114149..5d31524cc8 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -65,7 +65,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -97,7 +97,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -134,7 +134,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -166,7 +166,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -203,7 +203,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -235,7 +235,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -266,7 +266,7 @@ If you disable this setting or do not configure it, users can enter author mode | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -298,7 +298,7 @@ If you disable this setting or do not configure it, users can enter author mode | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -334,7 +334,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 258567b3e8..401e1cfe8d 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -65,7 +65,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -97,7 +97,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -134,7 +134,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -166,7 +166,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -203,7 +203,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -235,7 +235,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -272,7 +272,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -304,7 +304,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -341,7 +341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -373,7 +373,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -410,7 +410,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -442,7 +442,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -479,7 +479,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -511,7 +511,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -548,7 +548,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -580,7 +580,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -617,7 +617,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -649,7 +649,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -686,7 +686,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -718,7 +718,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -755,7 +755,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -787,7 +787,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -824,7 +824,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -856,7 +856,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -893,7 +893,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -925,7 +925,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -962,7 +962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -994,7 +994,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1031,7 +1031,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1063,7 +1063,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1100,7 +1100,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1132,7 +1132,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1169,7 +1169,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1201,7 +1201,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1238,7 +1238,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1270,7 +1270,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1307,7 +1307,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1339,7 +1339,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1376,7 +1376,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1408,7 +1408,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1445,7 +1445,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1477,7 +1477,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1514,7 +1514,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1546,7 +1546,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1583,7 +1583,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1615,7 +1615,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1652,7 +1652,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1684,7 +1684,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1721,7 +1721,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1753,7 +1753,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1790,7 +1790,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1822,7 +1822,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1859,7 +1859,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1891,7 +1891,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1928,7 +1928,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1960,7 +1960,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1997,7 +1997,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2029,7 +2029,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2066,7 +2066,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2098,7 +2098,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2135,7 +2135,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2167,7 +2167,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2204,7 +2204,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2236,7 +2236,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2273,7 +2273,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2305,7 +2305,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2342,7 +2342,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2374,7 +2374,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2411,7 +2411,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2443,7 +2443,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2480,7 +2480,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2512,7 +2512,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2549,7 +2549,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2581,7 +2581,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2618,7 +2618,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2650,7 +2650,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2687,7 +2687,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2719,7 +2719,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2756,7 +2756,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2788,7 +2788,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2825,7 +2825,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2857,7 +2857,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2894,7 +2894,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2926,7 +2926,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2963,7 +2963,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2995,7 +2995,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3032,7 +3032,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3064,7 +3064,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3101,7 +3101,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3133,7 +3133,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3170,7 +3170,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3202,7 +3202,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3239,7 +3239,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3271,7 +3271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3308,7 +3308,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3340,7 +3340,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3377,7 +3377,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3409,7 +3409,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3446,7 +3446,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3478,7 +3478,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3515,7 +3515,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3547,7 +3547,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3584,7 +3584,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3616,7 +3616,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3653,7 +3653,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3685,7 +3685,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3722,7 +3722,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3754,7 +3754,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3791,7 +3791,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3823,7 +3823,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3860,7 +3860,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3892,7 +3892,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3929,7 +3929,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3961,7 +3961,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3998,7 +3998,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4030,7 +4030,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4067,7 +4067,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4099,7 +4099,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4136,7 +4136,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4168,7 +4168,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4205,7 +4205,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4237,7 +4237,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4274,7 +4274,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4306,7 +4306,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4343,7 +4343,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4375,7 +4375,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4412,7 +4412,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4444,7 +4444,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4481,7 +4481,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4513,7 +4513,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4550,7 +4550,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4582,7 +4582,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4619,7 +4619,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4651,7 +4651,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4688,7 +4688,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4720,7 +4720,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4757,7 +4757,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4789,7 +4789,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4826,7 +4826,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4858,7 +4858,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4895,7 +4895,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4927,7 +4927,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4964,7 +4964,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4996,7 +4996,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5033,7 +5033,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5065,7 +5065,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5102,7 +5102,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5134,7 +5134,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5171,7 +5171,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5203,7 +5203,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5240,7 +5240,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5272,7 +5272,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5309,7 +5309,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5341,7 +5341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5378,7 +5378,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5410,7 +5410,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5447,7 +5447,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5479,7 +5479,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5516,7 +5516,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5548,7 +5548,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5585,7 +5585,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5617,7 +5617,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5654,7 +5654,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5686,7 +5686,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5723,7 +5723,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5755,7 +5755,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5792,7 +5792,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5824,7 +5824,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5861,7 +5861,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5893,7 +5893,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5930,7 +5930,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5962,7 +5962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5999,7 +5999,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6031,7 +6031,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6068,7 +6068,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6100,7 +6100,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6137,7 +6137,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6169,7 +6169,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6206,7 +6206,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6238,7 +6238,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6275,7 +6275,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6307,7 +6307,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6344,7 +6344,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6376,7 +6376,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6413,7 +6413,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6445,7 +6445,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6482,7 +6482,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6514,7 +6514,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6551,7 +6551,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6583,7 +6583,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6620,7 +6620,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6652,7 +6652,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6689,7 +6689,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6721,7 +6721,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6758,7 +6758,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6790,7 +6790,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6827,7 +6827,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6859,7 +6859,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6896,7 +6896,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6928,7 +6928,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6965,7 +6965,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6997,7 +6997,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7034,7 +7034,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7066,7 +7066,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7103,7 +7103,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7135,7 +7135,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7172,7 +7172,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 9b6b505f69..5ca5caf29f 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting turns off Windows Mobility Center. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting turns off Windows Mobility Center. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting turns off Windows Mobility Center. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index e218a0b620..0d04549df1 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ This policy setting turns off Windows presentation settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ This policy setting turns off Windows presentation settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ This policy setting turns off Windows presentation settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index 79877b4972..bc85af259e 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ By default, this setting is Disabled. This setting does not affect whether users | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index d87a3ba4e2..2c02c6f548 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ The maintenance activation boundary is the daily schduled time at which Automati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -88,7 +88,7 @@ The maintenance activation boundary is the daily schduled time at which Automati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -119,7 +119,7 @@ The maintenance random delay is the amount of time up to which Automatic Mainten | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 0e88923b66..1a68161d76 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ No reboots or service restarts are required for this policy setting to take effe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ No reboots or service restarts are required for this policy setting to take effe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -134,7 +134,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -166,7 +166,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -203,7 +203,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 499da602ee..815a68978c 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ This policy setting does not affect installations that run in the user's securit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This policy setting does not affect installations that run in the user's securit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ Also, see the "Prevent removable media source for any install" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ Also, see the "Prevent removable media source for any install" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -183,7 +183,7 @@ This policy setting does not affect installations that run in the user's securit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -215,7 +215,7 @@ This policy setting does not affect installations that run in the user's securit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -248,7 +248,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -279,7 +279,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -312,7 +312,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -371,7 +371,7 @@ This policy setting controls the ability to turn off all patch optimizations. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -402,7 +402,7 @@ This policy setting controls the ability to turn off all patch optimizations. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -433,7 +433,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -464,7 +464,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -495,7 +495,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -527,7 +527,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -560,7 +560,7 @@ This policy setting affects Windows Installer only. It does not prevent users fr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -591,7 +591,7 @@ This policy setting affects Windows Installer only. It does not prevent users fr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -623,7 +623,7 @@ Also, see the "Enable user to patch elevated products" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -655,7 +655,7 @@ Also, see the "Enable user to patch elevated products" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -684,7 +684,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -716,7 +716,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -745,7 +745,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -777,7 +777,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -804,7 +804,7 @@ This policy setting controls the ability to turn off shared components. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -836,7 +836,7 @@ This policy setting controls the ability to turn off shared components. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -865,7 +865,7 @@ Non-administrator updates provide a mechanism for the author of an application t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -897,7 +897,7 @@ Non-administrator updates provide a mechanism for the author of an application t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -926,7 +926,7 @@ This policy setting should be used if you need to maintain a tight control over | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -958,7 +958,7 @@ This policy setting should be used if you need to maintain a tight control over | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -985,7 +985,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1017,7 +1017,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1044,7 +1044,7 @@ This policy setting allows you to configure user installs. To configure this pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1075,7 +1075,7 @@ This policy setting allows you to configure user installs. To configure this pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1108,7 +1108,7 @@ The new feature must be added as a new leaf feature to an existing feature tree. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1140,7 +1140,7 @@ The new feature must be added as a new leaf feature to an existing feature tree. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1173,7 +1173,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1204,7 +1204,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1231,7 +1231,7 @@ This policy setting controls the ability to prevent embedded UI. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1263,7 +1263,7 @@ This policy setting controls the ability to prevent embedded UI. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1292,7 +1292,7 @@ If you disable or do not configure this policy setting, Windows Installer logs t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1323,7 +1323,7 @@ If you disable or do not configure this policy setting, Windows Installer logs t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1352,7 +1352,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1384,7 +1384,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1419,7 +1419,7 @@ To exclude a file source, omit or delete the letter representing that source typ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1450,7 +1450,7 @@ To exclude a file source, omit or delete the letter representing that source typ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1485,7 +1485,7 @@ This policy setting is designed for enterprises to prevent unauthorized or malic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index c46a50f66e..4095627d3a 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -68,7 +68,7 @@ No system or service restarts are required for changes to this policy setting to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md index 937a55a043..00f68b6aeb 100644 --- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md +++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ Enable Automatic Logon (not recommended). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -79,7 +79,7 @@ Enable Automatic Logon (not recommended). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -102,7 +102,7 @@ Allow Windows to automatically restart after a system crash (recommended except | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -130,7 +130,7 @@ Allow Windows to automatically restart after a system crash (recommended except | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -153,7 +153,7 @@ Enable administrative shares on servers (recommended except for highly secure en | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -181,7 +181,7 @@ Enable administrative shares on servers (recommended except for highly secure en | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -204,7 +204,7 @@ Enable administrative shares on workstations (recommended except for highly secu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -232,7 +232,7 @@ Enable administrative shares on workstations (recommended except for highly secu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -254,7 +254,7 @@ Enable administrative shares on workstations (recommended except for highly secu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -283,7 +283,7 @@ Prevent the dial-up password from being saved (recommended). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -306,7 +306,7 @@ Allow automatic detection of dead network gateways (could lead to DoS). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -334,7 +334,7 @@ Allow automatic detection of dead network gateways (could lead to DoS). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -357,7 +357,7 @@ Hide Computer From the Browse List (not recommended except for highly secure env | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -385,7 +385,7 @@ Hide Computer From the Browse List (not recommended except for highly secure env | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -408,7 +408,7 @@ Define how often keep-alive packets are sent in milliseconds. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -436,7 +436,7 @@ Define how often keep-alive packets are sent in milliseconds. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -459,7 +459,7 @@ Configure IPSec exemptions for various types of network traffic. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -487,7 +487,7 @@ Configure IPSec exemptions for various types of network traffic. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -510,7 +510,7 @@ Enable the computer to stop generating 8.3 style filenames. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -538,7 +538,7 @@ Enable the computer to stop generating 8.3 style filenames. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -561,7 +561,7 @@ Enable the computer to stop generating 8.3 style filenames. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -589,7 +589,7 @@ Enable the computer to stop generating 8.3 style filenames. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -612,7 +612,7 @@ Enable Safe DLL search mode (recommended). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -640,7 +640,7 @@ Enable Safe DLL search mode (recommended). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -663,7 +663,7 @@ he time in seconds before the screen saver grace period expires (0 recommended). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -691,7 +691,7 @@ he time in seconds before the screen saver grace period expires (0 recommended). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -714,7 +714,7 @@ Syn attack protection level (protects against DoS). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -742,7 +742,7 @@ Syn attack protection level (protects against DoS). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -765,7 +765,7 @@ SYN-ACK retransmissions when a connection request is not acknowledged. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -793,7 +793,7 @@ SYN-ACK retransmissions when a connection request is not acknowledged. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -816,7 +816,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -844,7 +844,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -867,7 +867,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -895,7 +895,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -918,7 +918,7 @@ Percentage threshold for the security event log at which the system will generat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 85404a8ef6..fae30f7ced 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -69,7 +69,7 @@ You must configure this setting to have complete NCA functionality. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -100,7 +100,7 @@ You must configure this setting to have complete NCA functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ Specifies commands configured by the administrator for custom logging. These com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ Specifies commands configured by the administrator for custom logging. These com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -183,7 +183,7 @@ You must configure this setting to have complete NCA functionality. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ You must configure this setting to have complete NCA functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -239,7 +239,7 @@ If this setting is not configured, the string that appears for DirectAccess conn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -270,7 +270,7 @@ If this setting is not configured, the string that appears for DirectAccess conn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -304,7 +304,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -336,7 +336,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -361,7 +361,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -393,7 +393,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -420,7 +420,7 @@ If this setting is not configured, the entry for DirectAccess connectivity appea | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -452,7 +452,7 @@ If this setting is not configured, the entry for DirectAccess connectivity appea | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -477,7 +477,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 5d02b44e64..efd6152977 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -53,7 +53,7 @@ This policy setting enables you to specify the expected address of the host name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -84,7 +84,7 @@ This policy setting enables you to specify the expected address of the host name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -109,7 +109,7 @@ This policy setting enables you to specify the host name of a computer known to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -140,7 +140,7 @@ This policy setting enables you to specify the host name of a computer known to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -165,7 +165,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -196,7 +196,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -221,7 +221,7 @@ This policy setting enables you to specify the URL of the corporate website, aga | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -252,7 +252,7 @@ This policy setting enables you to specify the URL of the corporate website, aga | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -277,7 +277,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -308,7 +308,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -331,7 +331,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -362,7 +362,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -385,7 +385,7 @@ This Policy setting enables you to specify passive polling behavior. NCSI polls | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 21ca763a38..023bb78ff6 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -125,7 +125,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -157,7 +157,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -186,7 +186,7 @@ By default, when no setting is specified for this policy, the behavior is the sa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -218,7 +218,7 @@ By default, when no setting is specified for this policy, the behavior is the sa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ By default, Net Logon will not allow the older cryptography algorithms to be use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ By default, Net Logon will not allow the older cryptography algorithms to be use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -312,7 +312,7 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -373,7 +373,7 @@ This policy setting determines whether domain controllers (DC) will dynamically | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -405,7 +405,7 @@ This policy setting determines whether domain controllers (DC) will dynamically | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -436,7 +436,7 @@ Note that this policy setting does not affect NetBIOS-based discovery for DC loc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -468,7 +468,7 @@ Note that this policy setting does not affect NetBIOS-based discovery for DC loc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -499,7 +499,7 @@ Contacting the PDC emulator is useful in case the client's password was recently | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -531,7 +531,7 @@ Contacting the PDC emulator is useful in case the client's password was recently | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -563,7 +563,7 @@ If the value of this setting is less than the value specified in the NegativeCac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -594,7 +594,7 @@ If the value of this setting is less than the value specified in the NegativeCac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -628,7 +628,7 @@ If the value for this setting is too small and the DC is not available, the freq | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -659,7 +659,7 @@ If the value for this setting is too small and the DC is not available, the freq | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -687,7 +687,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -718,7 +718,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -741,7 +741,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -772,7 +772,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -803,7 +803,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -834,7 +834,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -887,7 +887,7 @@ This policy setting determines which DC Locator DNS records aren't registered by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -918,7 +918,7 @@ This policy setting determines which DC Locator DNS records aren't registered by | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -950,7 +950,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -981,7 +981,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1016,7 +1016,7 @@ More information is available at | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1048,7 +1048,7 @@ More information is available at | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1075,7 +1075,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1106,7 +1106,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1133,7 +1133,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1164,7 +1164,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1195,7 +1195,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1226,7 +1226,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1255,7 +1255,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1286,7 +1286,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1318,7 +1318,7 @@ This policy setting is recommended to reduce the attack surface on a DC, and can | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1350,7 +1350,7 @@ This policy setting is recommended to reduce the attack surface on a DC, and can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1379,7 +1379,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1410,7 +1410,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1439,7 +1439,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1470,7 +1470,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1499,7 +1499,7 @@ By default, the maximum size of the log file is 20MB. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1530,7 +1530,7 @@ By default, the maximum size of the log file is 20MB. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1559,7 +1559,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1590,7 +1590,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1618,7 +1618,7 @@ The default value for this setting is 45 seconds. The maximum value for this set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1649,7 +1649,7 @@ The default value for this setting is 45 seconds. The maximum value for this set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1683,7 +1683,7 @@ By default, the Netlogon share will grant shared read access to files on the sha | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1715,7 +1715,7 @@ By default, the Netlogon share will grant shared read access to files on the sha | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1740,7 +1740,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1771,7 +1771,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1805,7 +1805,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1836,7 +1836,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1869,7 +1869,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1900,7 +1900,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1929,7 +1929,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1960,7 +1960,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1989,7 +1989,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2020,7 +2020,7 @@ If you do not configure this policy setting, it is not applied to any computers, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2054,7 +2054,7 @@ If you enable this policy setting, domain administrators should ensure that the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2086,7 +2086,7 @@ If you enable this policy setting, domain administrators should ensure that the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2117,7 +2117,7 @@ The DC Locator service is used by clients to find domain controllers for their A | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2149,7 +2149,7 @@ The DC Locator service is used by clients to find domain controllers for their A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2178,7 +2178,7 @@ This policy setting determines if dynamic registration of the domain controller | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 54ca825b67..fe84c32ea0 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -68,7 +68,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -100,7 +100,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -135,7 +135,7 @@ The Advanced Settings item lets users view and change bindings and view and chan | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -167,7 +167,7 @@ The Advanced Settings item lets users view and change bindings and view and chan | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -209,7 +209,7 @@ Determines whether users can configure advanced TCP/IP settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -241,7 +241,7 @@ Determines whether users can configure advanced TCP/IP settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -277,7 +277,7 @@ Determines whether administrators can enable and disable the components used by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -309,7 +309,7 @@ Determines whether administrators can enable and disable the components used by | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -352,7 +352,7 @@ To create an all-user remote access connection, on the Connection Availability p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -384,7 +384,7 @@ To create an all-user remote access connection, on the Connection Availability p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -423,7 +423,7 @@ Determines whether users can delete remote access connections. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -455,7 +455,7 @@ Determines whether users can delete remote access connections. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -487,7 +487,7 @@ The Remote Access Preferences item lets users create and change connections befo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -519,7 +519,7 @@ The Remote Access Preferences item lets users create and change connections befo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -546,7 +546,7 @@ If you disable this setting or do not configure it, the "local access only" icon | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -578,7 +578,7 @@ If you disable this setting or do not configure it, the "local access only" icon | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -612,7 +612,7 @@ By default, Network Connections group settings in Windows XP Professional do not | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -644,7 +644,7 @@ By default, Network Connections group settings in Windows XP Professional do not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -675,7 +675,7 @@ When a remote client computer connects to an internal network using DirectAccess | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -706,7 +706,7 @@ When a remote client computer connects to an internal network using DirectAccess | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -733,7 +733,7 @@ This policy setting allows you to manage whether notifications are shown to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -765,7 +765,7 @@ This policy setting allows you to manage whether notifications are shown to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -811,7 +811,7 @@ The Local Area Connection Properties dialog box includes a list of the network c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -843,7 +843,7 @@ The Local Area Connection Properties dialog box includes a list of the network c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -878,7 +878,7 @@ Determines whether users can enable/disable LAN connections. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -910,7 +910,7 @@ Determines whether users can enable/disable LAN connections. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -950,7 +950,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -982,7 +982,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1018,7 +1018,7 @@ Determines whether users can use the New Connection Wizard, which creates new ne | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1050,7 +1050,7 @@ Determines whether users can use the New Connection Wizard, which creates new ne | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1087,7 +1087,7 @@ The Internet Connection Firewall is a stateful packet filter for home and small | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1119,7 +1119,7 @@ The Internet Connection Firewall is a stateful packet filter for home and small | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1162,7 +1162,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1194,7 +1194,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1237,7 +1237,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1269,7 +1269,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1299,7 +1299,7 @@ Determines whether users can connect and disconnect remote access connections. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1331,7 +1331,7 @@ Determines whether users can connect and disconnect remote access connections. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1373,7 +1373,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1405,7 +1405,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1445,7 +1445,7 @@ To create an all-user connection, on the Connection Availability page in the New | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1477,7 +1477,7 @@ To create an all-user connection, on the Connection Availability page in the New | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1515,7 +1515,7 @@ If this setting is not configured, only Administrators and Network Configuration | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1547,7 +1547,7 @@ If this setting is not configured, only Administrators and Network Configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1582,7 +1582,7 @@ Determines whether nonadministrators can rename a LAN connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1614,7 +1614,7 @@ Determines whether nonadministrators can rename a LAN connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1649,7 +1649,7 @@ Private connections are those that are available only to one user. To create a p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1681,7 +1681,7 @@ Private connections are those that are available only to one user. To create a p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1724,7 +1724,7 @@ By default, ICS is disabled when you create a remote access connection, but admi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1756,7 +1756,7 @@ By default, ICS is disabled when you create a remote access connection, but admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1788,7 +1788,7 @@ Connection status is available from the connection status taskbar icon or from t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1820,7 +1820,7 @@ Connection status is available from the connection status taskbar icon or from t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1847,7 +1847,7 @@ This policy setting determines whether to require domain users to elevate when s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index cefe2b532a..e3f32a88f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This setting automatically extends the "make available offline" setting to all n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This setting automatically extends the "make available offline" setting to all n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -121,7 +121,7 @@ This policy setting lists network files and folders that are always available fo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting lists network files and folders that are always available fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ This policy setting lists network files and folders that are always available fo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -215,7 +215,7 @@ This policy setting lists network files and folders that are always available fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -244,7 +244,7 @@ You can also configure Background Sync for network shares that are in user selec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ You can also configure Background Sync for network shares that are in user selec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -315,7 +315,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -346,7 +346,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -376,7 +376,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -407,7 +407,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -437,7 +437,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -468,7 +468,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -506,7 +506,7 @@ This setting does not limit the disk space available for files that user's make | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -537,7 +537,7 @@ This setting does not limit the disk space available for files that user's make | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -569,7 +569,7 @@ This policy setting determines whether the Offline Files feature is enabled. Off | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -601,7 +601,7 @@ This policy setting determines whether the Offline Files feature is enabled. Off | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -637,7 +637,7 @@ This setting is applied at user logon. If this setting is changed after user log | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -669,7 +669,7 @@ This setting is applied at user logon. If this setting is changed after user log | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -707,7 +707,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -738,7 +738,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -776,7 +776,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -807,7 +807,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -834,7 +834,7 @@ This policy setting enables administrators to block certain file types from bein | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -865,7 +865,7 @@ This policy setting enables administrators to block certain file types from bein | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -897,7 +897,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -928,7 +928,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -970,7 +970,7 @@ Also, see the "Non-default server disconnect actions" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1001,7 +1001,7 @@ Also, see the "Non-default server disconnect actions" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1043,7 +1043,7 @@ Also, see the "Non-default server disconnect actions" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1074,7 +1074,7 @@ Also, see the "Non-default server disconnect actions" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1106,7 +1106,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1138,7 +1138,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1170,7 +1170,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1202,7 +1202,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1234,7 +1234,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1266,7 +1266,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1298,7 +1298,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1330,7 +1330,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1363,7 +1363,7 @@ The "Make Available Offline" command is called "Always available offline" on com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1395,7 +1395,7 @@ The "Make Available Offline" command is called "Always available offline" on com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1428,7 +1428,7 @@ The "Make Available Offline" command is called "Always available offline" on com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1460,7 +1460,7 @@ The "Make Available Offline" command is called "Always available offline" on com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1499,7 +1499,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1530,7 +1530,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1569,7 +1569,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1600,7 +1600,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1638,7 +1638,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1670,7 +1670,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1708,7 +1708,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1740,7 +1740,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1771,7 +1771,7 @@ This policy setting is triggered by the configured round trip network latency va | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1802,7 +1802,7 @@ This policy setting is triggered by the configured round trip network latency va | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1832,7 +1832,7 @@ If you disable this setting or do not configure it, automatically and manually c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1864,7 +1864,7 @@ If you disable this setting or do not configure it, automatically and manually c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1891,7 +1891,7 @@ This policy setting allows you to turn on economical application of administrati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1923,7 +1923,7 @@ This policy setting allows you to turn on economical application of administrati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1955,7 +1955,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1986,7 +1986,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2018,7 +2018,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2049,7 +2049,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2076,7 +2076,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2107,7 +2107,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2134,7 +2134,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2165,7 +2165,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2192,7 +2192,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2223,7 +2223,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2250,7 +2250,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2281,7 +2281,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2318,7 +2318,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2350,7 +2350,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2382,7 +2382,7 @@ When a connection is considered slow, Offline Files automatically adjust its beh | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2413,7 +2413,7 @@ When a connection is considered slow, Offline Files automatically adjust its beh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2449,7 +2449,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2481,7 +2481,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2517,7 +2517,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2549,7 +2549,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2585,7 +2585,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2617,7 +2617,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2653,7 +2653,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2685,7 +2685,7 @@ This setting appears in the Computer Configuration and User Configuration folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2715,7 +2715,7 @@ Determines whether offline files are synchonized before a computer is suspended. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2746,7 +2746,7 @@ Determines whether offline files are synchonized before a computer is suspended. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2776,7 +2776,7 @@ Determines whether offline files are synchonized before a computer is suspended. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2807,7 +2807,7 @@ Determines whether offline files are synchonized before a computer is suspended. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2834,7 +2834,7 @@ This policy setting determines whether offline files are synchronized in the bac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2866,7 +2866,7 @@ This policy setting determines whether offline files are synchronized in the bac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2893,7 +2893,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2925,7 +2925,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2952,7 +2952,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 861d44b8ad..99b3a2e0d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -82,7 +82,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -105,7 +105,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -137,7 +137,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -160,7 +160,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -192,7 +192,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -215,7 +215,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -246,7 +246,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -269,7 +269,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -301,7 +301,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -324,7 +324,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -356,7 +356,7 @@ This setting exists only for backward compatibility, and is not valid for this v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -388,7 +388,7 @@ This policy setting configures the Program Compatibility Assistant (PCA) to diag | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 03cb144ea1..f6c7dbe50e 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -69,7 +69,7 @@ Select one of the following: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -101,7 +101,7 @@ Select one of the following: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -138,7 +138,7 @@ Select one of the following: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -170,7 +170,7 @@ Select one of the following: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -213,7 +213,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -244,7 +244,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -291,7 +291,7 @@ Select one of the following: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -323,7 +323,7 @@ Select one of the following: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -366,7 +366,7 @@ In circumstances where this setting is enabled, you can also select and configur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -397,7 +397,7 @@ In circumstances where this setting is enabled, you can also select and configur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -434,7 +434,7 @@ In circumstances where this policy setting is enabled, you can also select and c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -465,7 +465,7 @@ In circumstances where this policy setting is enabled, you can also select and c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -508,7 +508,7 @@ In circumstances where this setting is enabled, you can also select and configur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -539,7 +539,7 @@ In circumstances where this setting is enabled, you can also select and configur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -580,7 +580,7 @@ In circumstances where this setting is enabled, you can also select and configur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -611,7 +611,7 @@ In circumstances where this setting is enabled, you can also select and configur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -656,7 +656,7 @@ Select from the following versions | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index e2b0feb0d8..1cf7214812 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ Turns off Tablet PC Pen Training. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ Turns off Tablet PC Pen Training. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ Turns off Tablet PC Pen Training. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 84fbd62527..61c64683a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -95,7 +95,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -130,7 +130,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -162,7 +162,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -197,7 +197,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -229,7 +229,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -264,7 +264,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index c39be35f97..ffb2af3fa0 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting allows you to control the network connectivity state in stan | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting allows you to control the network connectivity state in stan | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ This policy setting allows you to turn on the ability for applications and servi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ This policy setting allows you to turn on the ability for applications and servi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting specifies the action that Windows takes when a user presses | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -210,7 +210,7 @@ This policy setting specifies the action that Windows takes when a user presses | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -237,7 +237,7 @@ This policy setting allows applications and services to prevent automatic sleep. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -269,7 +269,7 @@ This policy setting allows applications and services to prevent automatic sleep. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -296,7 +296,7 @@ This policy setting allows applications and services to prevent automatic sleep. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -328,7 +328,7 @@ This policy setting allows applications and services to prevent automatic sleep. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -355,7 +355,7 @@ This policy setting allows you to manage automatic sleep with open network files | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -387,7 +387,7 @@ This policy setting allows you to manage automatic sleep with open network files | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -414,7 +414,7 @@ This policy setting allows you to manage automatic sleep with open network files | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -446,7 +446,7 @@ This policy setting allows you to manage automatic sleep with open network files | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -473,7 +473,7 @@ This policy setting specifies the active power plan from a specified power plan' | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -504,7 +504,7 @@ This policy setting specifies the active power plan from a specified power plan' | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -536,7 +536,7 @@ This policy setting specifies the action that Windows takes when battery capacit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -567,7 +567,7 @@ This policy setting specifies the action that Windows takes when battery capacit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -599,7 +599,7 @@ This policy setting specifies the action that Windows takes when battery capacit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -630,7 +630,7 @@ This policy setting specifies the action that Windows takes when battery capacit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -659,7 +659,7 @@ To set the action that is triggered, see the "Critical Battery Notification Acti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -690,7 +690,7 @@ To set the action that is triggered, see the "Critical Battery Notification Acti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -719,7 +719,7 @@ To set the action that is triggered, see the "Low Battery Notification Action" p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -750,7 +750,7 @@ To set the action that is triggered, see the "Low Battery Notification Action" p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -779,7 +779,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -811,7 +811,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -840,7 +840,7 @@ This policy setting allows you to control the network connectivity state in stan | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -872,7 +872,7 @@ This policy setting allows you to control the network connectivity state in stan | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -899,7 +899,7 @@ This policy setting allows you to turn on the ability for applications and servi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -931,7 +931,7 @@ This policy setting allows you to turn on the ability for applications and servi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -962,7 +962,7 @@ This policy setting specifies the action that Windows takes when a user presses | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -993,7 +993,7 @@ This policy setting specifies the action that Windows takes when a user presses | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1020,7 +1020,7 @@ This policy setting specifies the period of inactivity before Windows turns off | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1051,7 +1051,7 @@ This policy setting specifies the period of inactivity before Windows turns off | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1078,7 +1078,7 @@ This policy setting specifies the period of inactivity before Windows turns off | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1109,7 +1109,7 @@ This policy setting specifies the period of inactivity before Windows turns off | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1138,7 +1138,7 @@ This setting is only applicable when Windows shutdown is initiated by software p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1170,7 +1170,7 @@ This setting is only applicable when Windows shutdown is initiated by software p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1199,7 +1199,7 @@ This policy setting allows you to specify if Windows should enable the desktop b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1231,7 +1231,7 @@ This policy setting allows you to specify if Windows should enable the desktop b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1260,7 +1260,7 @@ This policy setting allows you to specify if Windows should enable the desktop b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1292,7 +1292,7 @@ This policy setting allows you to specify if Windows should enable the desktop b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1319,7 +1319,7 @@ This policy setting specifies the active power plan from a list of default Windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1350,7 +1350,7 @@ This policy setting specifies the active power plan from a list of default Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1377,7 +1377,7 @@ This policy setting allows you to turn off Power Throttling. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1409,7 +1409,7 @@ This policy setting allows you to turn off Power Throttling. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1436,7 +1436,7 @@ This policy setting allows you to configure client computers to lock and prompt | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1468,7 +1468,7 @@ This policy setting allows you to configure client computers to lock and prompt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1495,7 +1495,7 @@ This policy setting specifies the percentage of battery capacity remaining that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 33bfe3a6b7..7b4628cf37 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -66,7 +66,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -98,7 +98,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -140,7 +140,7 @@ The "Allow all scripts" policy setting allows all scripts to run. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -172,7 +172,7 @@ The "Allow all scripts" policy setting allows all scripts to run. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -213,7 +213,7 @@ from viewing the transcripts of other users or computers. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -245,7 +245,7 @@ from viewing the transcripts of other users or computers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -279,7 +279,7 @@ This policy setting allows you to set the default value of the SourcePath parame | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index 59a7deb1e2..cb28db20b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting lets you suppress the Restore button in the previous version | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting lets you suppress the Restore button in the previous version | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting lets you suppress the Restore button in the previous version | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy setting lets you suppress the Restore button in the previous version | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -240,7 +240,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -272,7 +272,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -301,7 +301,7 @@ This policy setting lets you suppress the Restore button in the previous version | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -333,7 +333,7 @@ This policy setting lets you suppress the Restore button in the previous version | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -362,7 +362,7 @@ This policy setting lets you suppress the Restore button in the previous version | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -394,7 +394,7 @@ This policy setting lets you suppress the Restore button in the previous version | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -423,7 +423,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -455,7 +455,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -484,7 +484,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -516,7 +516,7 @@ This policy setting lets you hide the list of previous versions of files that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -545,7 +545,7 @@ This setting lets you suppress the Restore button in the previous versions prope | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -577,7 +577,7 @@ This setting lets you suppress the Restore button in the previous versions prope | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -606,7 +606,7 @@ This setting lets you suppress the Restore button in the previous versions prope | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -638,7 +638,7 @@ This setting lets you suppress the Restore button in the previous versions prope | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -667,7 +667,7 @@ This policy setting lets you hide entries in the list of previous versions of a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -699,7 +699,7 @@ This policy setting lets you hide entries in the list of previous versions of a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -728,7 +728,7 @@ This policy setting lets you hide entries in the list of previous versions of a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 1ddae9baf9..2ce6ccf27a 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -129,7 +129,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -161,7 +161,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -195,7 +195,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -226,7 +226,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -269,7 +269,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -301,7 +301,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -331,7 +331,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -363,7 +363,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -393,7 +393,7 @@ Allows users to use the Add Printer Wizard to search the network for shared prin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -425,7 +425,7 @@ Allows users to use the Add Printer Wizard to search the network for shared prin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -465,7 +465,7 @@ If you do not enable this policy setting, the behavior is the same as disabling | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -497,7 +497,7 @@ If you do not enable this policy setting, the behavior is the same as disabling | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -522,7 +522,7 @@ This setting may improve the performance of the XPS Rasterization Service or the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -554,7 +554,7 @@ This setting may improve the performance of the XPS Rasterization Service or the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -585,7 +585,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -616,7 +616,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -648,7 +648,7 @@ Determines whether printers using kernel-mode drivers may be installed on the lo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -680,7 +680,7 @@ Determines whether printers using kernel-mode drivers may be installed on the lo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -709,7 +709,7 @@ This preference allows you to change default printer management. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -741,7 +741,7 @@ This preference allows you to change default printer management. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -768,7 +768,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -800,7 +800,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -830,7 +830,7 @@ This setting does not prevent users from running other programs to delete a prin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -862,7 +862,7 @@ This setting does not prevent users from running other programs to delete a prin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -901,7 +901,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -933,7 +933,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -960,7 +960,7 @@ This policy restricts clients computers to use package point and print only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -992,7 +992,7 @@ This policy restricts clients computers to use package point and print only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1019,7 +1019,7 @@ This policy restricts clients computers to use package point and print only. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1051,7 +1051,7 @@ This policy restricts clients computers to use package point and print only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1082,7 +1082,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1114,7 +1114,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1145,7 +1145,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1177,7 +1177,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1209,7 +1209,7 @@ Type the location of the user's computer. When users search for printers, the sy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1240,7 +1240,7 @@ Type the location of the user's computer. When users search for printers, the sy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1269,7 +1269,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1301,7 +1301,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1334,7 +1334,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1366,7 +1366,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1399,7 +1399,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1431,7 +1431,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1460,7 +1460,7 @@ This setting only provides a starting point for Active Directory searches for pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1491,7 +1491,7 @@ This setting only provides a starting point for Active Directory searches for pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1525,7 +1525,7 @@ On domains with Active Directory, shared printer resources are available in Acti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1557,7 +1557,7 @@ On domains with Active Directory, shared printer resources are available in Acti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1587,7 +1587,7 @@ This policy controls whether the print job name will be included in print event | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1619,7 +1619,7 @@ This policy controls whether the print job name will be included in print event | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1648,7 +1648,7 @@ V4 printer drivers may include an optional, customized user interface known as a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index a49b40ec9b..37c38c670c 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ The default behavior is to automatically publish shared printers in Active Direc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ The default behavior is to automatically publish shared printers in Active Direc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ By default, the pruning service on the domain controller prunes printer objects | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -156,7 +156,7 @@ By default, the pruning service on the domain controller prunes printer objects | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -195,7 +195,7 @@ You can enable this setting to change the default behavior. To use this setting, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -226,7 +226,7 @@ You can enable this setting to change the default behavior. To use this setting, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -260,7 +260,7 @@ By default, the pruning service contacts computers every eight hours and allows | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -291,7 +291,7 @@ By default, the pruning service contacts computers every eight hours and allows | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -323,7 +323,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -354,7 +354,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -388,7 +388,7 @@ By default, the pruning service contacts computers every eight hours and allows | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -419,7 +419,7 @@ By default, the pruning service contacts computers every eight hours and allows | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -454,7 +454,7 @@ The pruning service periodically contacts computers that have published printers | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -486,7 +486,7 @@ The pruning service periodically contacts computers that have published printers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -515,7 +515,7 @@ The spooler must be restarted for changes to this policy to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -547,7 +547,7 @@ The spooler must be restarted for changes to this policy to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -576,7 +576,7 @@ To disable verification, disable this setting, or enable this setting and select | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index d7d7661231..523f3226bf 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ This setting does not prevent the Default Programs icon from appearing on the St | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This setting does not prevent the Default Programs icon from appearing on the St | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -125,7 +125,7 @@ Published programs are those programs that the system administrator has explicit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -157,7 +157,7 @@ Published programs are those programs that the system administrator has explicit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -186,7 +186,7 @@ This setting does not prevent users from using other tools and methods to instal | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -218,7 +218,7 @@ This setting does not prevent users from using other tools and methods to instal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -245,7 +245,7 @@ This setting does not prevent users from using other tools and methods to view o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -277,7 +277,7 @@ This setting does not prevent users from using other tools and methods to view o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -308,7 +308,7 @@ This setting does not prevent users from using other tools and methods to instal | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -340,7 +340,7 @@ This setting does not prevent users from using other tools and methods to instal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -367,7 +367,7 @@ This setting does not prevent users from using other tools and methods to config | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -399,7 +399,7 @@ This setting does not prevent users from using other tools and methods to config | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -431,7 +431,7 @@ If this feature is disabled or is not configured, the "Get new programs from Win | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index 6b8ff65a2c..5cd2a73184 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ If you enable this setting, users will not be able to push Apps to this device f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md index 29021d834d..ac02717da3 100644 --- a/windows/client-management/mdm/policy-csp-admx-qos.md +++ b/windows/client-management/mdm/policy-csp-admx-qos.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ Specifies the maximum number of outstanding packets permitted on the system. Whe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ Specifies the maximum number of outstanding packets permitted on the system. Whe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -186,7 +186,7 @@ This setting applies only to packets that conform to the flow specification. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -217,7 +217,7 @@ This setting applies only to packets that conform to the flow specification. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -249,7 +249,7 @@ This setting applies only to packets that do not conform to the flow specificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ This setting applies only to packets that do not conform to the flow specificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -310,7 +310,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -341,7 +341,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -373,7 +373,7 @@ This setting applies only to packets that conform to the flow specification. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -404,7 +404,7 @@ This setting applies only to packets that conform to the flow specification. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -436,7 +436,7 @@ This setting applies only to packets that do not conform to the flow specificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -467,7 +467,7 @@ This setting applies only to packets that do not conform to the flow specificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -497,7 +497,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -528,7 +528,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -560,7 +560,7 @@ This setting applies only to packets that conform to the flow specification. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -591,7 +591,7 @@ This setting applies only to packets that conform to the flow specification. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -623,7 +623,7 @@ This setting applies only to packets that do not conform to the flow specificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -654,7 +654,7 @@ This setting applies only to packets that do not conform to the flow specificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -684,7 +684,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -715,7 +715,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -747,7 +747,7 @@ This setting applies only to packets that conform to the flow specification. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -778,7 +778,7 @@ This setting applies only to packets that conform to the flow specification. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -810,7 +810,7 @@ This setting applies only to packets that do not conform to the flow specificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -841,7 +841,7 @@ This setting applies only to packets that do not conform to the flow specificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -871,7 +871,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -902,7 +902,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -932,7 +932,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets that do n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -963,7 +963,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets that do n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -995,7 +995,7 @@ This setting applies only to packets that conform to the flow specification. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1026,7 +1026,7 @@ This setting applies only to packets that conform to the flow specification. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1058,7 +1058,7 @@ This setting applies only to packets that do not conform to the flow specificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1089,7 +1089,7 @@ This setting applies only to packets that do not conform to the flow specificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1119,7 +1119,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1150,7 +1150,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1180,7 +1180,7 @@ Determines the smallest unit of time that the Packet Scheduler uses when schedul | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index 33a37b87de..e3938e973c 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 88e275bccc..703aa134af 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ This policy setting allows the system to detect the time of unexpected shutdowns | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ This policy setting allows the system to detect the time of unexpected shutdowns | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ Also see the "Configure Error Reporting" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ Also see the "Configure Error Reporting" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -189,7 +189,7 @@ The system state data file contains information about the basic system state as | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -221,7 +221,7 @@ The system state data file contains information about the basic system state as | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -257,7 +257,7 @@ The Shutdown Event Tracker can be displayed when you shut down a workstation or | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 35d9c4b9b7..487a0bba4b 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting enables Remote Assistance invitations to be generated with i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting enables Remote Assistance invitations to be generated with i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -134,7 +134,7 @@ For example: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 1564db54fb..c0e9c1f8a1 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting configures the amount of time (in seconds) that the operatin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting configures the amount of time (in seconds) that the operatin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ This policy setting configures the amount of time (in seconds) that the operatin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -152,7 +152,7 @@ This policy setting configures the amount of time (in seconds) that the operatin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -238,7 +238,7 @@ This policy setting denies read access to the CD and DVD removable storage class | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -270,7 +270,7 @@ This policy setting denies read access to the CD and DVD removable storage class | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -297,7 +297,7 @@ This policy setting denies read access to the CD and DVD removable storage class | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -329,7 +329,7 @@ This policy setting denies read access to the CD and DVD removable storage class | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -356,7 +356,7 @@ This policy setting denies write access to the CD and DVD removable storage clas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -388,7 +388,7 @@ This policy setting denies write access to the CD and DVD removable storage clas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -415,7 +415,7 @@ This policy setting denies write access to the CD and DVD removable storage clas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -447,7 +447,7 @@ This policy setting denies write access to the CD and DVD removable storage clas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -474,7 +474,7 @@ This policy setting denies read access to custom removable storage classes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -506,7 +506,7 @@ This policy setting denies read access to custom removable storage classes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -533,7 +533,7 @@ This policy setting denies read access to custom removable storage classes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -565,7 +565,7 @@ This policy setting denies read access to custom removable storage classes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -592,7 +592,7 @@ This policy setting denies write access to custom removable storage classes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -624,7 +624,7 @@ This policy setting denies write access to custom removable storage classes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -651,7 +651,7 @@ This policy setting denies write access to custom removable storage classes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -683,7 +683,7 @@ This policy setting denies write access to custom removable storage classes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -710,7 +710,7 @@ This policy setting denies execute access to the Floppy Drives removable storage | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -742,7 +742,7 @@ This policy setting denies execute access to the Floppy Drives removable storage | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -769,7 +769,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -801,7 +801,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -828,7 +828,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -860,7 +860,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -887,7 +887,7 @@ This policy setting denies write access to the Floppy Drives removable storage c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -919,7 +919,7 @@ This policy setting denies write access to the Floppy Drives removable storage c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -946,7 +946,7 @@ This policy setting denies write access to the Floppy Drives removable storage c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -978,7 +978,7 @@ This policy setting denies write access to the Floppy Drives removable storage c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1005,7 +1005,7 @@ This policy setting grants normal users direct access to removable storage devic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1037,7 +1037,7 @@ This policy setting grants normal users direct access to removable storage devic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1064,7 +1064,7 @@ This policy setting denies execute access to removable disks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1096,7 +1096,7 @@ This policy setting denies execute access to removable disks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1123,7 +1123,7 @@ This policy setting denies read access to removable disks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1155,7 +1155,7 @@ This policy setting denies read access to removable disks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1182,7 +1182,7 @@ This policy setting denies read access to removable disks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1214,7 +1214,7 @@ This policy setting denies read access to removable disks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1244,7 +1244,7 @@ This policy setting denies write access to removable disks. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1276,7 +1276,7 @@ This policy setting denies write access to removable disks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1305,7 +1305,7 @@ This policy setting takes precedence over any individual removable storage polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1337,7 +1337,7 @@ This policy setting takes precedence over any individual removable storage polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1366,7 +1366,7 @@ This policy setting takes precedence over any individual removable storage polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1398,7 +1398,7 @@ This policy setting takes precedence over any individual removable storage polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1425,7 +1425,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1457,7 +1457,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1484,7 +1484,7 @@ This policy setting denies read access to the Tape Drive removable storage class | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1516,7 +1516,7 @@ This policy setting denies read access to the Tape Drive removable storage class | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1543,7 +1543,7 @@ This policy setting denies read access to the Tape Drive removable storage class | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1575,7 +1575,7 @@ This policy setting denies read access to the Tape Drive removable storage class | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1602,7 +1602,7 @@ This policy setting denies write access to the Tape Drive removable storage clas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1634,7 +1634,7 @@ This policy setting denies write access to the Tape Drive removable storage clas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1661,7 +1661,7 @@ This policy setting denies write access to the Tape Drive removable storage clas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1693,7 +1693,7 @@ This policy setting denies write access to the Tape Drive removable storage clas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1720,7 +1720,7 @@ This policy setting denies read access to removable disks, which may include med | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1752,7 +1752,7 @@ This policy setting denies read access to removable disks, which may include med | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1779,7 +1779,7 @@ This policy setting denies read access to removable disks, which may include med | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1811,7 +1811,7 @@ This policy setting denies read access to removable disks, which may include med | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1838,7 +1838,7 @@ This policy setting denies write access to removable disks, which may include me | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1870,7 +1870,7 @@ This policy setting denies write access to removable disks, which may include me | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1897,7 +1897,7 @@ This policy setting denies write access to removable disks, which may include me | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 7ec169ec2d..e8f056ba93 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -79,7 +79,7 @@ Extended error information includes the local time that the error occurred, the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -110,7 +110,7 @@ Extended error information includes the local time that the error occurred, the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -148,7 +148,7 @@ The constrained delegation model, introduced in Windows Server 2003, does not re | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -179,7 +179,7 @@ The constrained delegation model, introduced in Windows Server 2003, does not re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -217,7 +217,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -248,7 +248,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -296,7 +296,7 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md index 4251d8236b..aad781080d 100644 --- a/windows/client-management/mdm/policy-csp-admx-sam.md +++ b/windows/client-management/mdm/policy-csp-admx-sam.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -75,7 +75,7 @@ More information is available at< https://go.microsoft.com/fwlink/?linkid=211643 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 134b5c3fce..2a6b04c9b5 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ An excessively long interval can delay the system and inconvenience users. Howev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -151,7 +151,7 @@ An excessively long interval can delay the system and inconvenience users. Howev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -197,7 +197,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -229,7 +229,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -260,7 +260,7 @@ Also, see the "Run Logon Scripts Visible" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -292,7 +292,7 @@ Also, see the "Run Logon Scripts Visible" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -321,7 +321,7 @@ Logoff scripts are batch files of instructions that run when the user logs off. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -353,7 +353,7 @@ Logoff scripts are batch files of instructions that run when the user logs off. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -382,7 +382,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -414,7 +414,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -443,7 +443,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -475,7 +475,7 @@ This policy setting appears in the Computer Configuration and User Configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -504,7 +504,7 @@ Logon scripts are batch files of instructions that run when the user logs on. By | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -536,7 +536,7 @@ Logon scripts are batch files of instructions that run when the user logs on. By | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -565,7 +565,7 @@ Shutdown scripts are batch files of instructions that run when the user restarts | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -597,7 +597,7 @@ Shutdown scripts are batch files of instructions that run when the user restarts | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -629,7 +629,7 @@ Startup scripts are batch files that run before the user is invited to log on. B | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -661,7 +661,7 @@ Startup scripts are batch files that run before the user is invited to log on. B | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -693,7 +693,7 @@ Startup scripts are batch files of instructions that run before the user is invi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -725,7 +725,7 @@ Startup scripts are batch files of instructions that run before the user is invi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -775,7 +775,7 @@ For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 2f6c38d8c6..3ac645f7fb 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows users who are connected to the Internet to access and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows users who are connected to the Internet to access and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ Note that this setting also controls a user's ability to launch standalone troub | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ Note that this setting also controls a user's ability to launch standalone troub | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -175,7 +175,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index 32ca21fb76..871a415e66 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ This policy setting will only take effect when the Task Scheduler service is in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 4be5242325..68fc5cdbfc 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -67,7 +67,7 @@ In Windows Vista, this policy setting monitors essential security settings to in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 2641588a9a..b3c05e4c14 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting turns off the location feature for this computer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting turns off the location feature for this computer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting turns off scripting for the location feature. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ This policy setting turns off scripting for the location feature. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -173,7 +173,7 @@ This policy setting turns off scripting for the location feature. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -205,7 +205,7 @@ This policy setting turns off scripting for the location feature. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -232,7 +232,7 @@ This policy setting turns off the sensor feature for this computer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -264,7 +264,7 @@ This policy setting turns off the sensor feature for this computer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -291,7 +291,7 @@ This policy setting turns off the sensor feature for this computer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index d54287cc92..962fdb7a31 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting allows you to turn off the automatic display of the Initial | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy setting allows you to turn off the automatic display of the Initial | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -182,7 +182,7 @@ This policy setting allows you to turn off the automatic display of Server Manag | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ This policy setting allows you to turn off the automatic display of Server Manag | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -245,7 +245,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 36bc9a4510..25cfbbfe49 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ The network location can be either a folder, or a WIM file. If it is a WIM file, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 4594789225..4bb765d516 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ If you do not set or disable this setting, syncing of the "app settings" group i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ If you do not set or disable this setting, syncing of the "app settings" group i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ If you do not set or disable this setting, syncing of the "AppSync" group is on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ If you do not set or disable this setting, syncing of the "AppSync" group is on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ If you do not set or disable this setting, syncing of the "passwords" group is o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ If you do not set or disable this setting, syncing of the "passwords" group is o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -240,7 +240,7 @@ If you do not set or disable this setting, syncing of the "desktop personalizati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -272,7 +272,7 @@ If you do not set or disable this setting, syncing of the "desktop personalizati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -301,7 +301,7 @@ If you do not set or disable this setting, syncing of the "personalize" group is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -333,7 +333,7 @@ If you do not set or disable this setting, syncing of the "personalize" group is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -362,7 +362,7 @@ If you do not set or disable this setting, "sync your settings" is on by default | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -394,7 +394,7 @@ If you do not set or disable this setting, "sync your settings" is on by default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -423,7 +423,7 @@ If you do not set or disable this setting, syncing of the "Start layout" group i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -455,7 +455,7 @@ If you do not set or disable this setting, syncing of the "Start layout" group i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -482,7 +482,7 @@ If you do not set or disable this setting, syncing on metered connections is con | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -514,7 +514,7 @@ If you do not set or disable this setting, syncing on metered connections is con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -543,7 +543,7 @@ If you do not set or disable this setting, syncing of the "Other Windows setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index a4dbd2c1ea..7a2851ac66 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting determines whether the user can publish DFS roots in Active | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting determines whether the user can publish DFS roots in Active | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -120,7 +120,7 @@ This policy setting determines whether the user can publish shared folders in Ac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index a1f051ccea..ec05b442eb 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ You must restart the computer for this policy setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ You must restart the computer for this policy setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ This policy setting specifies whether users can share files within their profile | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 9a40e45eee..f6a88eff78 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting prevents users from running the interactive command prompt, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting prevents users from running the interactive command prompt, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ To prevent users from using other administrative tools, use the "Run only specif | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -149,7 +149,7 @@ To prevent users from using other administrative tools, use the "Run only specif | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ This policy setting only prevents users from running programs that are started b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -216,7 +216,7 @@ This policy setting only prevents users from running programs that are started b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -251,7 +251,7 @@ This policy setting only prevents users from running programs that are started b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index c518b5136f..c74654191a 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ In order to use the integrated unblock feature your smart card must support this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ In order to use the integrated unblock feature your smart card must support this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -181,7 +181,7 @@ This policy setting lets you allow signature key-based certificates to be enumer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -213,7 +213,7 @@ This policy setting lets you allow signature key-based certificates to be enumer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -242,7 +242,7 @@ Under previous versions of Microsoft Windows, certificates were required to cont | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -274,7 +274,7 @@ Under previous versions of Microsoft Windows, certificates were required to cont | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -301,7 +301,7 @@ This policy setting allows you to manage the certificate propagation that occurs | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -333,7 +333,7 @@ This policy setting allows you to manage the certificate propagation that occurs | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -359,7 +359,7 @@ This policy setting allows you to manage the clean up behavior of root certifica | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -390,7 +390,7 @@ This policy setting allows you to manage the clean up behavior of root certifica | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -420,7 +420,7 @@ This policy setting allows you to manage the root certificate propagation that o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -452,7 +452,7 @@ This policy setting allows you to manage the root certificate propagation that o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -482,7 +482,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -514,7 +514,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -547,7 +547,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -579,7 +579,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -613,7 +613,7 @@ If there are two or more of the "same" certificate on a smart card and this poli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -645,7 +645,7 @@ If there are two or more of the "same" certificate on a smart card and this poli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -674,7 +674,7 @@ During logon Windows will by default only read the default certificate from the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -706,7 +706,7 @@ During logon Windows will by default only read the default certificate from the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -736,7 +736,7 @@ This policy setting allows you to manage the displayed message when a smart card | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -767,7 +767,7 @@ This policy setting allows you to manage the displayed message when a smart card | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -796,7 +796,7 @@ If you disable , the subject name will be displayed as it appears in the certifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -828,7 +828,7 @@ If you disable , the subject name will be displayed as it appears in the certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -858,7 +858,7 @@ This policy setting allows you to control whether Smart Card Plug and Play is en | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -890,7 +890,7 @@ This policy setting allows you to control whether Smart Card Plug and Play is en | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -920,7 +920,7 @@ This policy setting allows you to control whether a confirmation message is disp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -952,7 +952,7 @@ This policy setting allows you to control whether a confirmation message is disp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -979,7 +979,7 @@ This policy setting lets you determine whether an optional field will be display | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 9a97f11a70..7dfc3ca114 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -69,7 +69,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -100,7 +100,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -138,7 +138,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -169,7 +169,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -205,7 +205,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index f84159cbf1..146454ae98 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index 8e2390fa37..dee841dccf 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting specifies the message that users see when they are denied ac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting specifies the message that users see when they are denied ac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Administrators can define the properties for the organization by using Active Di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -149,7 +149,7 @@ Administrators can define the properties for the organization by using Active Di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -178,7 +178,7 @@ The Classification tab enables users to manually classify files by selecting pro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -210,7 +210,7 @@ The Classification tab enables users to manually classify files by selecting pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -233,7 +233,7 @@ This Group Policy Setting should be set on Windows clients to enable access-deni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 10384bce2f..45c00eb5aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -56,7 +56,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -88,7 +88,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -126,7 +126,7 @@ This policy also does not clear items that the user may have pinned to the Jump | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -158,7 +158,7 @@ This policy also does not clear items that the user may have pinned to the Jump | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ This policy also does not clear items that the user may have pinned to the Jump | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -216,7 +216,7 @@ This policy also does not clear items that the user may have pinned to the Jump | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -244,7 +244,7 @@ This setting does not prevent new notifications from appearing. See the "Turn of | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ This setting does not prevent new notifications from appearing. See the "Turn of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -303,7 +303,7 @@ This policy setting allows desktop apps to be listed first in the Apps view in S | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -335,7 +335,7 @@ This policy setting allows desktop apps to be listed first in the Apps view in S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -364,7 +364,7 @@ This policy setting is only applied when the Apps view is set as the default vie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -396,7 +396,7 @@ This policy setting is only applied when the Apps view is set as the default vie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -432,7 +432,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -464,7 +464,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -493,7 +493,7 @@ This policy setting allows users to go to the desktop instead of the Start scree | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -525,7 +525,7 @@ This policy setting allows users to go to the desktop instead of the Start scree | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -557,7 +557,7 @@ If you disable this setting or do not configure it, all Start menu shortcuts app | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -589,7 +589,7 @@ If you disable this setting or do not configure it, all Start menu shortcuts app | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -616,7 +616,7 @@ This policy setting prevents users from performing the following commands from t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -648,7 +648,7 @@ This policy setting prevents users from performing the following commands from t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -681,7 +681,7 @@ If you enable this setting, the system does not personalize menus. All menu item | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -713,7 +713,7 @@ If you enable this setting, the system does not personalize menus. All menu item | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -745,7 +745,7 @@ The taskbar includes the Start button, list of currently running tasks, and the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -777,7 +777,7 @@ The taskbar includes the Start button, list of currently running tasks, and the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -804,7 +804,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -836,7 +836,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -867,7 +867,7 @@ The notification area is located in the task bar, generally at the bottom of the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -899,7 +899,7 @@ The notification area is located in the task bar, generally at the bottom of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -928,7 +928,7 @@ When you hold the cursor over an item on the Start menu or in the notification a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -960,7 +960,7 @@ When you hold the cursor over an item on the Start menu or in the notification a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -991,7 +991,7 @@ This policy setting allows you to prevent users from changing their Start screen | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1023,7 +1023,7 @@ This policy setting allows you to prevent users from changing their Start screen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1053,7 +1053,7 @@ This policy setting prevents users from performing the following commands from t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1085,7 +1085,7 @@ This policy setting prevents users from performing the following commands from t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1113,7 +1113,7 @@ By default, the Programs menu contains items from the All Users profile and item | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1145,7 +1145,7 @@ By default, the Programs menu contains items from the All Users profile and item | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1181,7 +1181,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1213,7 +1213,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1247,7 +1247,7 @@ This policy setting affects the specified user interface elements only. It does | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1279,7 +1279,7 @@ This policy setting affects the specified user interface elements only. It does | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1305,7 +1305,7 @@ This policy setting affects the specified user interface elements only. It does | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1337,7 +1337,7 @@ This policy setting affects the specified user interface elements only. It does | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1366,7 +1366,7 @@ This policy setting only affects the Start menu. It does not remove the Help men | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1398,7 +1398,7 @@ This policy setting only affects the Start menu. It does not remove the Help men | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1429,7 +1429,7 @@ This policy setting does not prevent users from pinning programs to the Start Me | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1461,7 +1461,7 @@ This policy setting does not prevent users from pinning programs to the Start Me | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1497,7 +1497,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1528,7 +1528,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1561,7 +1561,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1593,7 +1593,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1621,7 +1621,7 @@ In Windows XP and Windows Vista, the Internet and email checkboxes are removed f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1653,7 +1653,7 @@ In Windows XP and Windows Vista, the Internet and email checkboxes are removed f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1691,7 +1691,7 @@ This setting also does not hide document shortcuts displayed in the Open dialog | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1723,7 +1723,7 @@ This setting also does not hide document shortcuts displayed in the Open dialog | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1755,7 +1755,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1787,7 +1787,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1819,7 +1819,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1851,7 +1851,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1902,7 +1902,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1934,7 +1934,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1960,7 +1960,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1992,7 +1992,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2018,7 +2018,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2050,7 +2050,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2076,7 +2076,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2108,7 +2108,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2136,7 +2136,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2168,7 +2168,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2194,7 +2194,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2226,7 +2226,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2252,7 +2252,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2284,7 +2284,7 @@ Also, users with extended keyboards will no longer be able to display the Run di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2315,7 +2315,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2347,7 +2347,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2380,7 +2380,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2412,7 +2412,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2444,7 +2444,7 @@ Clicking the Default Programs link from the Start menu opens the Default Program | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2476,7 +2476,7 @@ Clicking the Default Programs link from the Start menu opens the Default Program | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2508,7 +2508,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2540,7 +2540,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2567,7 +2567,7 @@ This policy setting allows you to remove the Music icon from Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2599,7 +2599,7 @@ This policy setting allows you to remove the Music icon from Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2626,7 +2626,7 @@ This policy setting allows you to remove the Network icon from Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2658,7 +2658,7 @@ This policy setting allows you to remove the Network icon from Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2685,7 +2685,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2717,7 +2717,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2744,7 +2744,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2776,7 +2776,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2802,7 +2802,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2834,7 +2834,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2861,7 +2861,7 @@ This policy setting allows you to remove the Recorded TV link from the Start Men | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2893,7 +2893,7 @@ This policy setting allows you to remove the Recorded TV link from the Start Men | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2924,7 +2924,7 @@ Note that this setting hides all user-specific folders, not just those associate | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2956,7 +2956,7 @@ Note that this setting hides all user-specific folders, not just those associate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2983,7 +2983,7 @@ This policy setting allows you to remove the Videos link from the Start Menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3015,7 +3015,7 @@ This policy setting allows you to remove the Videos link from the Start Menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3046,7 +3046,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3078,7 +3078,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3105,7 +3105,7 @@ Prevents the clock in the system notification area from being displayed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3137,7 +3137,7 @@ Prevents the clock in the system notification area from being displayed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3166,7 +3166,7 @@ Taskbar grouping consolidates similar applications when there is no room on the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3198,7 +3198,7 @@ Taskbar grouping consolidates similar applications when there is no room on the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3227,7 +3227,7 @@ The taskbar includes the Start button, buttons for currently running tasks, cust | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3259,7 +3259,7 @@ The taskbar includes the Start button, buttons for currently running tasks, cust | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3292,7 +3292,7 @@ This policy setting does not prevent users from using other methods to issue the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3324,7 +3324,7 @@ This policy setting does not prevent users from using other methods to issue the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3356,7 +3356,7 @@ Description: The notification area is located at the far right end of the task b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3388,7 +3388,7 @@ Description: The notification area is located at the far right end of the task b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3418,7 +3418,7 @@ Description: The notification area is located at the far right end of the task b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3450,7 +3450,7 @@ Description: The notification area is located at the far right end of the task b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3476,7 +3476,7 @@ Description: The notification area is located at the far right end of the task b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3508,7 +3508,7 @@ Description: The notification area is located at the far right end of the task b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3537,7 +3537,7 @@ To remove the user name folder on Windows Vista, set the "Remove user folder lin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3569,7 +3569,7 @@ To remove the user name folder on Windows Vista, set the "Remove user folder lin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3602,7 +3602,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3634,7 +3634,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3663,7 +3663,7 @@ If you set the button to either Sleep or Hibernate, and that state is not suppor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3694,7 +3694,7 @@ If you set the button to either Sleep or Hibernate, and that state is not suppor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3723,7 +3723,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3755,7 +3755,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3781,7 +3781,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3813,7 +3813,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3840,7 +3840,7 @@ This policy setting allows the Apps view to be opened by default when the user g | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3872,7 +3872,7 @@ This policy setting allows the Apps view to be opened by default when the user g | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3902,7 +3902,7 @@ This policy setting shows or hides the "Run as different user" command on the St | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3934,7 +3934,7 @@ This policy setting shows or hides the "Run as different user" command on the St | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3959,7 +3959,7 @@ This policy setting shows or hides the "Run as different user" command on the St | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3991,7 +3991,7 @@ This policy setting shows or hides the "Run as different user" command on the St | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4018,7 +4018,7 @@ This policy setting allows the Start screen to appear on the display the user is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4050,7 +4050,7 @@ This policy setting allows the Start screen to appear on the display the user is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4084,7 +4084,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4116,7 +4116,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4143,7 +4143,7 @@ This policy setting allows pinning apps to Start by default, when they are inclu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index debf6dcdb4..6c5d9c2f06 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md index a73e974a68..9c41ea1db3 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -188,7 +188,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -220,7 +220,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -254,7 +254,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -286,7 +286,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -320,7 +320,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -352,7 +352,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -386,7 +386,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -418,7 +418,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -449,7 +449,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -481,7 +481,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -512,7 +512,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -544,7 +544,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -586,7 +586,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -618,7 +618,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -660,7 +660,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -692,7 +692,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -723,7 +723,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -755,7 +755,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -786,7 +786,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -818,7 +818,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -849,7 +849,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -881,7 +881,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -912,7 +912,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -944,7 +944,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -981,7 +981,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1013,7 +1013,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1050,7 +1050,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index 134de35ead..29755a3ef7 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Prevents start of InkBall game. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Prevents start of InkBall game. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ Prevents start of InkBall game. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ Prevents start of InkBall game. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ Prevents start of Windows Journal. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ Prevents start of Windows Journal. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -240,7 +240,7 @@ Prevents start of Windows Journal. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -272,7 +272,7 @@ Prevents start of Windows Journal. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -301,7 +301,7 @@ Prevents printing to Journal Note Writer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -333,7 +333,7 @@ Prevents printing to Journal Note Writer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -362,7 +362,7 @@ Prevents printing to Journal Note Writer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -394,7 +394,7 @@ Prevents printing to Journal Note Writer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -423,7 +423,7 @@ Prevents the snipping tool from running. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -455,7 +455,7 @@ Prevents the snipping tool from running. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -484,7 +484,7 @@ Prevents the snipping tool from running. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -516,7 +516,7 @@ Prevents the snipping tool from running. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -545,7 +545,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -577,7 +577,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -606,7 +606,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -638,7 +638,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -665,7 +665,7 @@ Makes pen flicks and all related features unavailable. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -697,7 +697,7 @@ Makes pen flicks and all related features unavailable. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -724,7 +724,7 @@ Makes pen flicks and all related features unavailable. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -756,7 +756,7 @@ Makes pen flicks and all related features unavailable. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -783,7 +783,7 @@ Makes pen flicks learning mode unavailable. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -815,7 +815,7 @@ Makes pen flicks learning mode unavailable. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -842,7 +842,7 @@ Makes pen flicks learning mode unavailable. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -874,7 +874,7 @@ Makes pen flicks learning mode unavailable. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -903,7 +903,7 @@ Prevents the user from launching an application from a Tablet PC hardware button | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -935,7 +935,7 @@ Prevents the user from launching an application from a Tablet PC hardware button | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -964,7 +964,7 @@ Prevents the user from launching an application from a Tablet PC hardware button | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -996,7 +996,7 @@ Prevents the user from launching an application from a Tablet PC hardware button | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1025,7 +1025,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1057,7 +1057,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1086,7 +1086,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1118,7 +1118,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1147,7 +1147,7 @@ Turns off Tablet PC hardware buttons. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1179,7 +1179,7 @@ Turns off Tablet PC hardware buttons. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1208,7 +1208,7 @@ Turns off Tablet PC hardware buttons. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1240,7 +1240,7 @@ Turns off Tablet PC hardware buttons. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1267,7 +1267,7 @@ Disables visual pen action feedback, except for press and hold feedback. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1299,7 +1299,7 @@ Disables visual pen action feedback, except for press and hold feedback. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1326,7 +1326,7 @@ Disables visual pen action feedback, except for press and hold feedback. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index f110506521..c8c237d4ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -63,7 +63,7 @@ A reboot is required for this policy setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -95,7 +95,7 @@ A reboot is required for this policy setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -126,7 +126,7 @@ A reboot is required for this policy setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -158,7 +158,7 @@ A reboot is required for this policy setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -185,7 +185,7 @@ This policy setting allows you to remove Security and Maintenance from the syste | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -217,7 +217,7 @@ This policy setting allows you to remove Security and Maintenance from the syste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -244,7 +244,7 @@ This policy setting allows you to remove the networking icon from the system con | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ This policy setting allows you to remove the networking icon from the system con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -303,7 +303,7 @@ This policy setting allows you to remove the battery meter from the system contr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -335,7 +335,7 @@ This policy setting allows you to remove the battery meter from the system contr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -362,7 +362,7 @@ This policy setting allows you to remove the volume control icon from the system | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -394,7 +394,7 @@ This policy setting allows you to remove the volume control icon from the system | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -421,7 +421,7 @@ If you disable do not configure this policy setting, feature advertisement ballo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -453,7 +453,7 @@ If you disable do not configure this policy setting, feature advertisement ballo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -480,7 +480,7 @@ This policy setting allows you to control pinning the Store app to the Taskbar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -512,7 +512,7 @@ This policy setting allows you to control pinning the Store app to the Taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -539,7 +539,7 @@ This policy setting allows you to control pinning items in Jump Lists. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -571,7 +571,7 @@ This policy setting allows you to control pinning items in Jump Lists. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -598,7 +598,7 @@ This policy setting allows you to control pinning programs to the Taskbar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -630,7 +630,7 @@ This policy setting allows you to control pinning programs to the Taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -662,7 +662,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -694,7 +694,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -721,7 +721,7 @@ This policy setting allows you to turn off automatic promotion of notification i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -753,7 +753,7 @@ This policy setting allows you to turn off automatic promotion of notification i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -782,7 +782,7 @@ This policy setting allows users to see Windows Store apps on the taskbar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -814,7 +814,7 @@ This policy setting allows users to see Windows Store apps on the taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -841,7 +841,7 @@ This policy setting allows you to lock all taskbar settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -873,7 +873,7 @@ This policy setting allows you to lock all taskbar settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -900,7 +900,7 @@ This policy setting allows you to prevent users from adding or removing toolbars | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -932,7 +932,7 @@ This policy setting allows you to prevent users from adding or removing toolbars | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -959,7 +959,7 @@ This policy setting allows you to prevent users from rearranging toolbars. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -991,7 +991,7 @@ This policy setting allows you to prevent users from rearranging toolbars. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1018,7 +1018,7 @@ This policy setting allows you to prevent taskbars from being displayed on more | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1050,7 +1050,7 @@ This policy setting allows you to prevent taskbars from being displayed on more | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1077,7 +1077,7 @@ This policy setting allows you to turn off all notification balloons. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1109,7 +1109,7 @@ This policy setting allows you to turn off all notification balloons. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1140,7 +1140,7 @@ This policy setting allows you to remove pinned programs from the taskbar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1172,7 +1172,7 @@ This policy setting allows you to remove pinned programs from the taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1199,7 +1199,7 @@ This policy setting allows you to prevent users from moving taskbar to another s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1231,7 +1231,7 @@ This policy setting allows you to prevent users from moving taskbar to another s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1258,7 +1258,7 @@ This policy setting allows you to prevent users from resizing the taskbar. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1290,7 +1290,7 @@ This policy setting allows you to prevent users from resizing the taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1317,7 +1317,7 @@ This policy setting allows you to turn off taskbar thumbnails. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 2584201a47..947e1cf373 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -86,7 +86,7 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -113,7 +113,7 @@ This policy setting allows you to specify the interval at which the relay name i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -144,7 +144,7 @@ This policy setting allows you to specify the interval at which the relay name i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -177,7 +177,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -208,7 +208,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -235,7 +235,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -267,7 +267,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -300,7 +300,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -331,7 +331,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -358,7 +358,7 @@ This policy setting allows you to specify a router name or Internet Protocol ver | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -389,7 +389,7 @@ This policy setting allows you to specify a router name or Internet Protocol ver | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -422,7 +422,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -453,7 +453,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -480,7 +480,7 @@ This policy setting allows you to select the UDP port the Teredo client will use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -511,7 +511,7 @@ This policy setting allows you to select the UDP port the Teredo client will use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -540,7 +540,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -571,7 +571,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -601,7 +601,7 @@ This policy setting allows you to configure the Teredo refresh rate. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -632,7 +632,7 @@ This policy setting allows you to configure the Teredo refresh rate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -659,7 +659,7 @@ This policy setting allows you to specify the name of the Teredo server. This se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -690,7 +690,7 @@ This policy setting allows you to specify the name of the Teredo server. This se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -725,7 +725,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -756,7 +756,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -785,7 +785,7 @@ This policy setting allows you to configure Window Scaling Heuristics. Window Sc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 98e9f29b07..a0d71af144 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ If the status is set to Not Configured, automatic reconnection is not specified | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ If the status is set to Not Configured, automatic reconnection is not specified | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ By default, Remote Desktop Services allows redirection of video capture devices. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ By default, Remote Desktop Services allows redirection of video capture devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ If no certificate can be found that was created with the specified certificate t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -215,7 +215,7 @@ If no certificate can be found that was created with the specified certificate t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -246,7 +246,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -278,7 +278,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -309,7 +309,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -341,7 +341,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -368,7 +368,7 @@ This policy setting allows you to specify whether users can run unsigned Remote | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -400,7 +400,7 @@ This policy setting allows you to specify whether users can run unsigned Remote | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -427,7 +427,7 @@ This policy setting allows you to specify whether users can run unsigned Remote | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -459,7 +459,7 @@ This policy setting allows you to specify whether users can run unsigned Remote | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -491,7 +491,7 @@ By default, audio and video playback redirection is not allowed when connecting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -523,7 +523,7 @@ By default, audio and video playback redirection is not allowed when connecting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -555,7 +555,7 @@ By default, audio recording redirection is not allowed when connecting to a comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -587,7 +587,7 @@ By default, audio recording redirection is not allowed when connecting to a comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -618,7 +618,7 @@ Audio playback quality can be configured on the client computer by using the aud | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -649,7 +649,7 @@ Audio playback quality can be configured on the client computer by using the aud | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -680,7 +680,7 @@ You can use this setting to prevent users from redirecting Clipboard data to and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -712,7 +712,7 @@ You can use this setting to prevent users from redirecting Clipboard data to and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -743,7 +743,7 @@ You can use this setting to prevent users from redirecting data to COM port peri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -775,7 +775,7 @@ You can use this setting to prevent users from redirecting data to COM port peri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -806,7 +806,7 @@ By default, Remote Desktop Services automatically designates the client default | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -838,7 +838,7 @@ By default, Remote Desktop Services automatically designates the client default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -861,7 +861,7 @@ This policy setting specifies whether the Remote Desktop Connection can use hard | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -893,7 +893,7 @@ This policy setting specifies whether the Remote Desktop Connection can use hard | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -920,7 +920,7 @@ Controls whether a user can save passwords using Remote Desktop Connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -952,7 +952,7 @@ Controls whether a user can save passwords using Remote Desktop Connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -983,7 +983,7 @@ You can use this setting to prevent users from mapping local LPT ports and redir | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1015,7 +1015,7 @@ You can use this setting to prevent users from mapping local LPT ports and redir | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1048,7 +1048,7 @@ By default, Remote Desktop Services does not allow redirection of supported Plug | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1080,7 +1080,7 @@ By default, Remote Desktop Services does not allow redirection of supported Plug | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1111,7 +1111,7 @@ You can use this policy setting to prevent users from redirecting print jobs fro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1143,7 +1143,7 @@ You can use this policy setting to prevent users from redirecting print jobs fro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1179,7 +1179,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1210,7 +1210,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1246,7 +1246,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1277,7 +1277,7 @@ If the list contains a string that is not a certificate thumbprint, it is ignore | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1304,7 +1304,7 @@ This policy setting specifies whether the UDP protocol will be used to access se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1336,7 +1336,7 @@ This policy setting specifies whether the UDP protocol will be used to access se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1377,7 +1377,7 @@ If the client does not support at least 16 bits, the connection is terminated. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1408,7 +1408,7 @@ If the client does not support at least 16 bits, the connection is terminated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1441,7 +1441,7 @@ This policy setting allows you to limit the size of the entire roaming user prof | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1473,7 +1473,7 @@ This policy setting allows you to limit the size of the entire roaming user prof | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1504,7 +1504,7 @@ If the status is set to Not Configured, the default behavior applies. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1536,7 +1536,7 @@ If the status is set to Not Configured, the default behavior applies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1568,7 +1568,7 @@ This policy setting enables system administrators to change the graphics renderi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1600,7 +1600,7 @@ This policy setting enables system administrators to change the graphics renderi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1630,7 +1630,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1662,7 +1662,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1692,7 +1692,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1724,7 +1724,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1757,7 +1757,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1789,7 +1789,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1831,7 +1831,7 @@ By default, the RD Session Host server fallback printer driver is disabled. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1863,7 +1863,7 @@ By default, the RD Session Host server fallback printer driver is disabled. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1895,7 +1895,7 @@ This policy is useful when the currently connected administrator does not want t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1927,7 +1927,7 @@ This policy is useful when the currently connected administrator does not want t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1954,7 +1954,7 @@ If you disable or do not configure this policy setting, the authentication metho | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1985,7 +1985,7 @@ If you disable or do not configure this policy setting, the authentication metho | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2018,7 +2018,7 @@ To allow users to overwrite this policy setting, select the "Allow users to chan | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2050,7 +2050,7 @@ To allow users to overwrite this policy setting, select the "Allow users to chan | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2081,7 +2081,7 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2112,7 +2112,7 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2149,7 +2149,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2181,7 +2181,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2210,7 +2210,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2242,7 +2242,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2276,7 +2276,7 @@ By default, the RDS Endpoint Servers group is empty. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2308,7 +2308,7 @@ By default, the RDS Endpoint Servers group is empty. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2339,7 +2339,7 @@ This policy setting allows you to specify the order in which an RD Session Host | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2370,7 +2370,7 @@ This policy setting allows you to specify the order in which an RD Session Host | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2399,7 +2399,7 @@ By default, notifications are displayed on an RD Session Host server after you l | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2430,7 +2430,7 @@ By default, notifications are displayed on an RD Session Host server after you l | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2463,7 +2463,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2494,7 +2494,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2528,7 +2528,7 @@ If the status is set to Disabled or Not Configured, limits to the number of conn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2559,7 +2559,7 @@ If the status is set to Disabled or Not Configured, limits to the number of conn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2586,7 +2586,7 @@ This policy setting allows you to specify the maximum display resolution that ca | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2617,7 +2617,7 @@ This policy setting allows you to specify the maximum display resolution that ca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2644,7 +2644,7 @@ This policy setting allows you to limit the number of monitors that a user can u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2675,7 +2675,7 @@ This policy setting allows you to limit the number of monitors that a user can u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2707,7 +2707,7 @@ You can use this policy setting to prevent users from using this familiar method | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2739,7 +2739,7 @@ You can use this policy setting to prevent users from using this familiar method | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2766,7 +2766,7 @@ If the status is set to Disabled or Not Configured, Windows Security remains in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2798,7 +2798,7 @@ If the status is set to Disabled or Not Configured, Windows Security remains in | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2832,7 +2832,7 @@ By default, if the most appropriate RDS CAL is not available for a connection, a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2864,7 +2864,7 @@ By default, if the most appropriate RDS CAL is not available for a connection, a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2894,7 +2894,7 @@ This policy setting determines whether a user will be prompted on the client com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2926,7 +2926,7 @@ This policy setting determines whether a user will be prompted on the client com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2958,7 +2958,7 @@ The default connection URL must be configured in the form of< https://contoso.co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2989,7 +2989,7 @@ The default connection URL must be configured in the form of< https://contoso.co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3018,7 +3018,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3050,7 +3050,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3084,7 +3084,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3115,7 +3115,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3149,7 +3149,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3180,7 +3180,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3209,7 +3209,7 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3240,7 +3240,7 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3275,7 +3275,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3306,7 +3306,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3339,7 +3339,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3371,7 +3371,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3406,7 +3406,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3437,7 +3437,7 @@ Note: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3470,7 +3470,7 @@ This policy setting specifies whether to require the use of a specific security | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3501,7 +3501,7 @@ This policy setting specifies whether to require the use of a specific security | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3534,7 +3534,7 @@ If you disable or do not configure this policy setting, Remote Desktop Protocol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3565,7 +3565,7 @@ If you disable or do not configure this policy setting, Remote Desktop Protocol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3598,7 +3598,7 @@ If the UDP connection is not successful or if you select "Use only TCP," all of | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3629,7 +3629,7 @@ If the UDP connection is not successful or if you select "Use only TCP," all of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3656,7 +3656,7 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3688,7 +3688,7 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3721,7 +3721,7 @@ Do not connect if authentication fails: The client establishes a connection to t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3752,7 +3752,7 @@ Do not connect if authentication fails: The client establishes a connection to t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3775,7 +3775,7 @@ This policy setting lets you enable H.264/AVC hardware encoding support for Remo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3807,7 +3807,7 @@ This policy setting lets you enable H.264/AVC hardware encoding support for Remo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3830,7 +3830,7 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3862,7 +3862,7 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3893,7 +3893,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3924,7 +3924,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3956,7 +3956,7 @@ This policy setting allows you to specify the visual quality for remote users wh | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3987,7 +3987,7 @@ This policy setting allows you to specify the visual quality for remote users wh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4013,7 +4013,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4045,7 +4045,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4077,7 +4077,7 @@ This policy setting allows the administrator to configure the RemoteFX experienc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4108,7 +4108,7 @@ This policy setting allows the administrator to configure the RemoteFX experienc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4137,7 +4137,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4168,7 +4168,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4197,7 +4197,7 @@ For this change to take effect, you must restart Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4229,7 +4229,7 @@ For this change to take effect, you must restart Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4265,7 +4265,7 @@ Time limits are set locally by the server administrator or by using Group Policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4297,7 +4297,7 @@ Time limits are set locally by the server administrator or by using Group Policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4333,7 +4333,7 @@ Time limits are set locally by the server administrator or by using Group Policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4365,7 +4365,7 @@ Time limits are set locally by the server administrator or by using Group Policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4399,7 +4399,7 @@ When a session is in a disconnected state, running programs are kept active even | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4430,7 +4430,7 @@ When a session is in a disconnected state, running programs are kept active even | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4464,7 +4464,7 @@ When a session is in a disconnected state, running programs are kept active even | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4495,7 +4495,7 @@ When a session is in a disconnected state, running programs are kept active even | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4527,7 +4527,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4558,7 +4558,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4590,7 +4590,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4621,7 +4621,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4653,7 +4653,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4684,7 +4684,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4716,7 +4716,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4747,7 +4747,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4776,7 +4776,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4808,7 +4808,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4838,7 +4838,7 @@ This policy setting allows you to control the redirection of smart card devices | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4870,7 +4870,7 @@ This policy setting allows you to control the redirection of smart card devices | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4906,7 +4906,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4938,7 +4938,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4974,7 +4974,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5005,7 +5005,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5039,7 +5039,7 @@ You can use this setting to maintain a user's session-specific temporary folders | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5071,7 +5071,7 @@ You can use this setting to maintain a user's session-specific temporary folders | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5102,7 +5102,7 @@ You can use this policy setting to disable the creation of separate temporary fo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5134,7 +5134,7 @@ You can use this policy setting to disable the creation of separate temporary fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5164,7 +5164,7 @@ This policy setting determines whether the client computer redirects its time zo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5196,7 +5196,7 @@ This policy setting determines whether the client computer redirects its time zo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5228,7 +5228,7 @@ You can use this setting to prevent administrators from making changes to the us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5260,7 +5260,7 @@ You can use this setting to prevent administrators from making changes to the us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5290,7 +5290,7 @@ This policy setting determines whether the desktop is always displayed after a c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5322,7 +5322,7 @@ This policy setting determines whether the desktop is always displayed after a c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5353,7 +5353,7 @@ Remote Desktop sessions don't currently support UI Automation redirection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5385,7 +5385,7 @@ Remote Desktop sessions don't currently support UI Automation redirection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5414,7 +5414,7 @@ For this change to take effect, you must restart Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5445,7 +5445,7 @@ For this change to take effect, you must restart Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5479,7 +5479,7 @@ To determine whether a client computer supports Network Level Authentication, st | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5511,7 +5511,7 @@ To determine whether a client computer supports Network Level Authentication, st | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5545,7 +5545,7 @@ If the status is set to Disabled or Not Configured, the user's home directory is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5576,7 +5576,7 @@ If the status is set to Disabled or Not Configured, the user's home directory is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5607,7 +5607,7 @@ For this policy setting to take effect, you must also enable and configure the " | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5639,7 +5639,7 @@ For this policy setting to take effect, you must also enable and configure the " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5675,7 +5675,7 @@ Note: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 48b4bfbd9a..7be9dcce4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ File Explorer displays thumbnail images by default. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ File Explorer displays thumbnail images by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ File Explorer displays thumbnail images on network folders by default. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ File Explorer displays thumbnail images on network folders by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting allows you to configure File Explorer to cache thumbnails of | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index f95091efea..6527737981 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -126,7 +126,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -158,7 +158,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -192,7 +192,7 @@ Turns off touch input, which allows the user to interact with their computer usi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -224,7 +224,7 @@ Turns off touch input, which allows the user to interact with their computer usi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -258,7 +258,7 @@ Turns off touch input, which allows the user to interact with their computer usi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index 4ddef01a00..ad2038ed2b 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -110,7 +110,7 @@ This policy setting configures the system to prompt the user to clear the TPM if | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -142,7 +142,7 @@ This policy setting configures the system to prompt the user to clear the TPM if | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -171,7 +171,7 @@ The default list of blocked TPM commands is pre-configured by Windows. You can v | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -203,7 +203,7 @@ The default list of blocked TPM commands is pre-configured by Windows. You can v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -232,7 +232,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -264,7 +264,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -287,7 +287,7 @@ This group policy enables Device Health Attestation reporting (DHA-report) on su | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -319,7 +319,7 @@ This group policy enables Device Health Attestation reporting (DHA-report) on su | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -355,7 +355,7 @@ Choose the operating system managed TPM authentication setting of "None" for com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -386,7 +386,7 @@ Choose the operating system managed TPM authentication setting of "None" for com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -425,7 +425,7 @@ If this value is not configured, a default value of 480 minutes (8 hours) is use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -457,7 +457,7 @@ If this value is not configured, a default value of 480 minutes (8 hours) is use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -498,7 +498,7 @@ A value of zero means the OS will not allow standard users to send commands to t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -530,7 +530,7 @@ A value of zero means the OS will not allow standard users to send commands to t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -571,7 +571,7 @@ A value of zero means the OS will not allow standard users to send commands to t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -603,7 +603,7 @@ A value of zero means the OS will not allow standard users to send commands to t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -626,7 +626,7 @@ This policy setting configures the TPM to use the Dictionary Attack Prevention P | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 4e6041c26c..851fa37d1b 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ By default, the user settings of Calculator synchronize between computers. Use t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ By default, the user settings of Calculator synchronize between computers. Use t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ With notifications enabled, UE-V users receive a message when the settings sync | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ With notifications enabled, UE-V users receive a message when the settings sync | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -186,7 +186,7 @@ This policy setting configures the synchronization of User Experience Virtualiza | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -218,7 +218,7 @@ This policy setting configures the synchronization of User Experience Virtualiza | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -245,7 +245,7 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -303,7 +303,7 @@ This policy setting specifies the URL for the Contact IT link in the Company Set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -334,7 +334,7 @@ This policy setting specifies the URL for the Contact IT link in the Company Set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -369,7 +369,7 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -401,7 +401,7 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -433,7 +433,7 @@ Certain Windows settings will synchronize between computers by default. These se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -464,7 +464,7 @@ Certain Windows settings will synchronize between computers by default. These se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -487,7 +487,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -519,7 +519,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -551,7 +551,7 @@ By default, the user settings of Finance sync between computers. Use the policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -583,7 +583,7 @@ By default, the user settings of Finance sync between computers. Use the policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -610,7 +610,7 @@ If you do not configure this policy setting, any defined values are deleted. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -642,7 +642,7 @@ If you do not configure this policy setting, any defined values are deleted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -674,7 +674,7 @@ By default, the user settings of Games sync between computers. Use the policy se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -706,7 +706,7 @@ By default, the user settings of Games sync between computers. Use the policy se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -738,7 +738,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -770,7 +770,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -802,7 +802,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -834,7 +834,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -866,7 +866,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -898,7 +898,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -930,7 +930,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -962,7 +962,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -994,7 +994,7 @@ By default, the user settings which are common between the versions of Internet | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1025,7 +1025,7 @@ By default, the user settings which are common between the versions of Internet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1057,7 +1057,7 @@ By default, the user settings of Maps sync between computers. Use the policy set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1089,7 +1089,7 @@ By default, the user settings of Maps sync between computers. Use the policy set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1119,7 +1119,7 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1150,7 +1150,7 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1182,7 +1182,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1213,7 +1213,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1245,7 +1245,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1276,7 +1276,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1308,7 +1308,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1339,7 +1339,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1371,7 +1371,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1402,7 +1402,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1434,7 +1434,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1466,7 +1466,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1498,7 +1498,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1529,7 +1529,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1561,7 +1561,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1592,7 +1592,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1624,7 +1624,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1655,7 +1655,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1687,7 +1687,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1718,7 +1718,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1750,7 +1750,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1781,7 +1781,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1813,7 +1813,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1844,7 +1844,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1876,7 +1876,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1907,7 +1907,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1939,7 +1939,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1970,7 +1970,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2002,7 +2002,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2033,7 +2033,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2065,7 +2065,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2096,7 +2096,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2128,7 +2128,7 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2159,7 +2159,7 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2191,7 +2191,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2222,7 +2222,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2254,7 +2254,7 @@ Microsoft Office Suite 2013 has user settings which are common between applicati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2285,7 +2285,7 @@ Microsoft Office Suite 2013 has user settings which are common between applicati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2317,7 +2317,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2348,7 +2348,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2380,7 +2380,7 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2411,7 +2411,7 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2443,7 +2443,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2474,7 +2474,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2506,7 +2506,7 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2537,7 +2537,7 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2569,7 +2569,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2600,7 +2600,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2632,7 +2632,7 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2663,7 +2663,7 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2695,7 +2695,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2726,7 +2726,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2758,7 +2758,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2789,7 +2789,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2821,7 +2821,7 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2852,7 +2852,7 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2884,7 +2884,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2915,7 +2915,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2947,7 +2947,7 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2978,7 +2978,7 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3010,7 +3010,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3041,7 +3041,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3073,7 +3073,7 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3104,7 +3104,7 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3136,7 +3136,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3167,7 +3167,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3199,7 +3199,7 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3230,7 +3230,7 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3262,7 +3262,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3293,7 +3293,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3325,7 +3325,7 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3356,7 +3356,7 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3388,7 +3388,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3419,7 +3419,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3451,7 +3451,7 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3482,7 +3482,7 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3514,7 +3514,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3545,7 +3545,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3577,7 +3577,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3608,7 +3608,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3640,7 +3640,7 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3671,7 +3671,7 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3703,7 +3703,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3734,7 +3734,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3766,7 +3766,7 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3797,7 +3797,7 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3829,7 +3829,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3860,7 +3860,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3892,7 +3892,7 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3923,7 +3923,7 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3955,7 +3955,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3986,7 +3986,7 @@ By default, the user settings which are common between the Microsoft Office Suit | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4018,7 +4018,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4049,7 +4049,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4081,7 +4081,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4112,7 +4112,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4144,7 +4144,7 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4175,7 +4175,7 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4207,7 +4207,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4238,7 +4238,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4270,7 +4270,7 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4301,7 +4301,7 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4333,7 +4333,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4364,7 +4364,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4396,7 +4396,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4427,7 +4427,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4459,7 +4459,7 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4490,7 +4490,7 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4522,7 +4522,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4553,7 +4553,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4585,7 +4585,7 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4616,7 +4616,7 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4648,7 +4648,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4679,7 +4679,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4711,7 +4711,7 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4742,7 +4742,7 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4774,7 +4774,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4805,7 +4805,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4837,7 +4837,7 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4868,7 +4868,7 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4900,7 +4900,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4931,7 +4931,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4963,7 +4963,7 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4994,7 +4994,7 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5026,7 +5026,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5057,7 +5057,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5089,7 +5089,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5120,7 +5120,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5152,7 +5152,7 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5183,7 +5183,7 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5215,7 +5215,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5246,7 +5246,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5278,7 +5278,7 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5309,7 +5309,7 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5341,7 +5341,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5372,7 +5372,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5404,7 +5404,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5435,7 +5435,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5467,7 +5467,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5498,7 +5498,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5530,7 +5530,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5561,7 +5561,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5593,7 +5593,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5624,7 +5624,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5656,7 +5656,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5687,7 +5687,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5719,7 +5719,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5750,7 +5750,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5782,7 +5782,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5813,7 +5813,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5845,7 +5845,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5876,7 +5876,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5908,7 +5908,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5939,7 +5939,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5971,7 +5971,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6002,7 +6002,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6034,7 +6034,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6065,7 +6065,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6097,7 +6097,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6128,7 +6128,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6160,7 +6160,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6191,7 +6191,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6223,7 +6223,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6254,7 +6254,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6286,7 +6286,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6317,7 +6317,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6349,7 +6349,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6380,7 +6380,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6412,7 +6412,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6443,7 +6443,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6475,7 +6475,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6506,7 +6506,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6538,7 +6538,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6569,7 +6569,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6601,7 +6601,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6632,7 +6632,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6664,7 +6664,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6695,7 +6695,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6727,7 +6727,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6758,7 +6758,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6790,7 +6790,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6821,7 +6821,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6853,7 +6853,7 @@ By default, the user settings of Music sync between computers. Use the policy se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6885,7 +6885,7 @@ By default, the user settings of Music sync between computers. Use the policy se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6917,7 +6917,7 @@ By default, the user settings of News sync between computers. Use the policy set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6949,7 +6949,7 @@ By default, the user settings of News sync between computers. Use the policy set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6981,7 +6981,7 @@ By default, the user settings of Notepad synchronize between computers. Use the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7013,7 +7013,7 @@ By default, the user settings of Notepad synchronize between computers. Use the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7045,7 +7045,7 @@ By default, the user settings of Reader sync between computers. Use the policy s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7077,7 +7077,7 @@ By default, the user settings of Reader sync between computers. Use the policy s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7108,7 +7108,7 @@ You can use this setting to override the default value of 2000 milliseconds. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7139,7 +7139,7 @@ You can use this setting to override the default value of 2000 milliseconds. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7169,7 +7169,7 @@ This policy setting configures where the settings package files that contain use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7200,7 +7200,7 @@ This policy setting configures where the settings package files that contain use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7230,7 +7230,7 @@ If you specify a UNC path and check the option to replace the default Microsoft | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7261,7 +7261,7 @@ If you specify a UNC path and check the option to replace the default Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7293,7 +7293,7 @@ By default, the user settings of Sports sync between computers. Use the policy s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7325,7 +7325,7 @@ By default, the user settings of Sports sync between computers. Use the policy s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7352,7 +7352,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7384,7 +7384,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7415,7 +7415,7 @@ If you do not configure this policy setting, any defined values are deleted. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7447,7 +7447,7 @@ If you do not configure this policy setting, any defined values are deleted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7478,7 +7478,7 @@ If you do not configure this policy setting, any defined values are deleted. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7510,7 +7510,7 @@ If you do not configure this policy setting, any defined values are deleted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7541,7 +7541,7 @@ This policy setting allows you to configure the User Experience Virtualization ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7573,7 +7573,7 @@ This policy setting allows you to configure the User Experience Virtualization ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7600,7 +7600,7 @@ If you do not configure this policy setting, any defined values are deleted. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7632,7 +7632,7 @@ If you do not configure this policy setting, any defined values are deleted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7664,7 +7664,7 @@ By default, the user settings of Travel sync between computers. Use the policy s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7696,7 +7696,7 @@ By default, the user settings of Travel sync between computers. Use the policy s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7721,7 +7721,7 @@ If you do not configure this policy setting, any defined values are deleted. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7753,7 +7753,7 @@ If you do not configure this policy setting, any defined values are deleted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7785,7 +7785,7 @@ By default, the user settings of Video sync between computers. Use the policy se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7817,7 +7817,7 @@ By default, the user settings of Video sync between computers. Use the policy se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7849,7 +7849,7 @@ By default, the user settings of Weather sync between computers. Use the policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7881,7 +7881,7 @@ By default, the user settings of Weather sync between computers. Use the policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7913,7 +7913,7 @@ By default, the user settings of WordPad synchronize between computers. Use the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 976e81ab41..d1ff4bc3ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting allows an administrator to automatically delete user profile | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting allows an administrator to automatically delete user profile | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -119,7 +119,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -151,7 +151,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -183,7 +183,7 @@ By default Windows deletes all information related to a roaming user (which incl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -215,7 +215,7 @@ By default Windows deletes all information related to a roaming user (which incl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -251,7 +251,7 @@ This policy setting sets the maximum size of each user profile and determines th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -283,7 +283,7 @@ This policy setting sets the maximum size of each user profile and determines th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -314,7 +314,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -346,7 +346,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -377,7 +377,7 @@ This policy setting and related policy settings in this folder together define t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -408,7 +408,7 @@ This policy setting and related policy settings in this folder together define t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -444,7 +444,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -475,7 +475,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -506,7 +506,7 @@ This setting prevents users from managing the ability to allow apps to access th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 908a9f2693..a153667ae4 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -131,7 +131,7 @@ This parameter controls the frequency at which an event that indicates the numbe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -162,7 +162,7 @@ This parameter controls the frequency at which an event that indicates the numbe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -210,7 +210,7 @@ This value is a bitmask that controls events that may be logged to the System lo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -241,7 +241,7 @@ This value is a bitmask that controls events that may be logged to the System lo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -270,7 +270,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -302,7 +302,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -329,7 +329,7 @@ This policy setting allows you to specify whether the Windows NTP Server is enab | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index ad7f74feba..701e0becfd 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting specifies that power management is disabled when the machine | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting specifies that power management is disabled when the machine | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ This policy setting depends on other group policy settings. For example, if 'Min | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ This policy setting depends on other group policy settings. For example, if 'Min | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -187,7 +187,7 @@ This policy setting is related to the "Enable Windows to soft-disconnect a compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index e5c1be0350..7d91ad5cdd 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -124,7 +124,7 @@ No reboots or service restarts are required for this policy setting to take effe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index ebbc5ad09f..c2655f33c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ The default is for Windows Calendar to be turned on. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ The default is for Windows Calendar to be turned on. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ The default is for Windows Calendar to be turned on. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index 8a97f03811..d47c7b3a52 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting affects the ability of users to install or uninstall color p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting affects the ability of users to install or uninstall color p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting affects the ability of users to install or uninstall color p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 014ceeea05..c3c304af0c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ The default for this policy setting allows operations over all media. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 334b885c7c..6f2a37dc84 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting allows you to prevent data loss when you change the target l | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting allows you to prevent data loss when you change the target l | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -123,7 +123,7 @@ Also, see the "Disable Active Desktop" setting in User Configuration\Administrat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ Also, see the "Disable Active Desktop" setting in User Configuration\Administrat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -182,7 +182,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -245,7 +245,7 @@ This policy setting allows you to specify a location where all default Library d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -276,7 +276,7 @@ This policy setting allows you to specify a location where all default Library d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -305,7 +305,7 @@ This disables access to user-defined properties, and properties stored in NTFS s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -337,7 +337,7 @@ This disables access to user-defined properties, and properties stored in NTFS s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -372,7 +372,7 @@ This policy will not enable users to add unsupported locations to Libraries. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -404,7 +404,7 @@ This policy will not enable users to add unsupported locations to Libraries. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -432,7 +432,7 @@ You can specify a known folder using its known folder id or using its canonical | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -464,7 +464,7 @@ You can specify a known folder using its known folder id or using its canonical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -492,7 +492,7 @@ File Explorer shows suggestion pop-ups as users type into the Search Box. These | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -524,7 +524,7 @@ File Explorer shows suggestion pop-ups as users type into the Search Box. These | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -554,7 +554,7 @@ This policy setting determines whether remote paths can be used for file shortcu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -586,7 +586,7 @@ This policy setting determines whether remote paths can be used for file shortcu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -626,7 +626,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/thr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -658,7 +658,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/thr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -687,7 +687,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -719,7 +719,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -749,7 +749,7 @@ This policy setting allows you to specify whether the ribbon appears minimized o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -781,7 +781,7 @@ This policy setting allows you to specify whether the ribbon appears minimized o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -808,7 +808,7 @@ This policy setting allows you to turn off the display of snippets in Content vi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -840,7 +840,7 @@ This policy setting allows you to turn off the display of snippets in Content vi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -875,7 +875,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -907,7 +907,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -942,7 +942,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -974,7 +974,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1009,7 +1009,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1041,7 +1041,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1076,7 +1076,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1108,7 +1108,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1143,7 +1143,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1175,7 +1175,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1210,7 +1210,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1242,7 +1242,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1277,7 +1277,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1309,7 +1309,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1344,7 +1344,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1376,7 +1376,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1411,7 +1411,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1443,7 +1443,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1478,7 +1478,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1510,7 +1510,7 @@ Changes to this setting may not be applied until the user logs off from Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1543,7 +1543,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1575,7 +1575,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1608,7 +1608,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1640,7 +1640,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1673,7 +1673,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1705,7 +1705,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1738,7 +1738,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1770,7 +1770,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1803,7 +1803,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1835,7 +1835,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1868,7 +1868,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1900,7 +1900,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1933,7 +1933,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1965,7 +1965,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1998,7 +1998,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2030,7 +2030,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2063,7 +2063,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2095,7 +2095,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2128,7 +2128,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2160,7 +2160,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2189,7 +2189,7 @@ Shortcut files typically include an absolute path to the original target file as | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2221,7 +2221,7 @@ Shortcut files typically include an absolute path to the original target file as | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2250,7 +2250,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2281,7 +2281,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2315,7 +2315,7 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2347,7 +2347,7 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2377,7 +2377,7 @@ This policy setting allows you to turn off caching of thumbnail pictures. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2409,7 +2409,7 @@ This policy setting allows you to turn off caching of thumbnail pictures. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2439,7 +2439,7 @@ This policy setting allows you to remove CD Burning features. File Explorer allo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2471,7 +2471,7 @@ This policy setting allows you to remove CD Burning features. File Explorer allo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2500,7 +2500,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2532,7 +2532,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2559,7 +2559,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2591,7 +2591,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2620,7 +2620,7 @@ This policy setting does not prevent users from using other methods to configure | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2652,7 +2652,7 @@ This policy setting does not prevent users from using other methods to configure | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2688,7 +2688,7 @@ Also, see the "Prevent access to drives from My Computer" policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2719,7 +2719,7 @@ Also, see the "Prevent access to drives from My Computer" policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2751,7 +2751,7 @@ To remove computers in the user's workgroup or domain from lists of network reso | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2783,7 +2783,7 @@ To remove computers in the user's workgroup or domain from lists of network reso | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2808,7 +2808,7 @@ This setting does not prevent users from using other methods to perform tasks av | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2840,7 +2840,7 @@ This setting does not prevent users from using other methods to perform tasks av | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2874,7 +2874,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2906,7 +2906,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2935,7 +2935,7 @@ Folder Options allows users to change the way files and folders open, what appea | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2967,7 +2967,7 @@ Folder Options allows users to change the way files and folders open, what appea | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2992,7 +2992,7 @@ This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3024,7 +3024,7 @@ This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3054,7 +3054,7 @@ This setting does not remove the Computer Management item from the Start menu (S | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3086,7 +3086,7 @@ This setting does not remove the Computer Management item from the Start menu (S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3118,7 +3118,7 @@ When a Windows client is in a workgroup, a Shared Documents icon appears in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3150,7 +3150,7 @@ When a Windows client is in a workgroup, a Shared Documents icon appears in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3185,7 +3185,7 @@ This setting was documented incorrectly on the Explain tab in Group Policy for W | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3217,7 +3217,7 @@ This setting was documented incorrectly on the Explain tab in Group Policy for W | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3242,7 +3242,7 @@ If this group policy is enabled, no notifications will be shown. If the group po | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3274,7 +3274,7 @@ If this group policy is enabled, no notifications will be shown. If the group po | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3304,7 +3304,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3336,7 +3336,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3363,7 +3363,7 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3395,7 +3395,7 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3428,7 +3428,7 @@ By default, users are not prompted for alternate logon credentials when installi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3460,7 +3460,7 @@ By default, users are not prompted for alternate logon credentials when installi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3488,7 +3488,7 @@ By default, users are not prompted for alternate logon credentials when installi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3520,7 +3520,7 @@ By default, users are not prompted for alternate logon credentials when installi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3547,7 +3547,7 @@ Removes the Security tab from File Explorer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3579,7 +3579,7 @@ Removes the Security tab from File Explorer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3610,7 +3610,7 @@ This policy setting does not affect the Search items on the File Explorer contex | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3642,7 +3642,7 @@ This policy setting does not affect the Search items on the File Explorer contex | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3672,7 +3672,7 @@ This policy setting allows you to have file names sorted literally (as in Window | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3704,7 +3704,7 @@ This policy setting allows you to have file names sorted literally (as in Window | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3729,7 +3729,7 @@ If you enable this setting, menus do not appear when you right-click the desktop | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3761,7 +3761,7 @@ If you enable this setting, menus do not appear when you right-click the desktop | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3795,7 +3795,7 @@ Also, see the "Hide these specified drives in My Computer" setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3826,7 +3826,7 @@ Also, see the "Hide these specified drives in My Computer" setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3855,7 +3855,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3887,7 +3887,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3918,7 +3918,7 @@ To remove network computers from lists of network resources, use the "No Entire | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3950,7 +3950,7 @@ To remove network computers from lists of network resources, use the "No Entire | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3994,7 +3994,7 @@ If you disable or do not configure this setting the default list of items will b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4025,7 +4025,7 @@ If you disable or do not configure this setting the default list of items will b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4059,7 +4059,7 @@ If the dialog box does not appear, the installation proceeds with the current us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4091,7 +4091,7 @@ If the dialog box does not appear, the installation proceeds with the current us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4121,7 +4121,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4152,7 +4152,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4181,7 +4181,7 @@ This policy setting allows you to configure the amount of functionality that the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4213,7 +4213,7 @@ This policy setting allows you to configure the amount of functionality that the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4242,7 +4242,7 @@ This policy setting allows you to configure the amount of functionality that the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4274,7 +4274,7 @@ This policy setting allows you to configure the amount of functionality that the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4303,7 +4303,7 @@ Shows or hides hibernate from the power options menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4335,7 +4335,7 @@ Shows or hides hibernate from the power options menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4364,7 +4364,7 @@ Shows or hides sleep from the power options menu. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4396,7 +4396,7 @@ Shows or hides sleep from the power options menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4427,7 +4427,7 @@ The first several links will also be pinned to the Start menu. A total of four l | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4459,7 +4459,7 @@ The first several links will also be pinned to the Start menu. A total of four l | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4490,7 +4490,7 @@ The first several links will also be pinned to the Start menu. A total of four l | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 0bc5c5b292..a280ce8e6a 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ When this policy is either disabled or not configured, Windows Media DRM functio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 2ff1f78b95..5f200c9cf1 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -67,7 +67,7 @@ This policy is ignored if the "Streaming media protocols" policy setting is enab | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -99,7 +99,7 @@ This policy is ignored if the "Streaming media protocols" policy setting is enab | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -137,7 +137,7 @@ This policy setting is ignored if the "Streaming media protocols" policy setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -169,7 +169,7 @@ This policy setting is ignored if the "Streaming media protocols" policy setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -205,7 +205,7 @@ The Configure button on the Network tab in the Player is not available and the p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -237,7 +237,7 @@ The Configure button on the Network tab in the Player is not available and the p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -266,7 +266,7 @@ This policy setting prevents the dialog boxes which allow users to select privac | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -298,7 +298,7 @@ This policy setting prevents the dialog boxes which allow users to select privac | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -325,7 +325,7 @@ This policy setting allows you to hide the Network tab. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -357,7 +357,7 @@ This policy setting allows you to hide the Network tab. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -386,7 +386,7 @@ This policy setting allows you to prevent the anchor window from being displayed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -418,7 +418,7 @@ This policy setting allows you to prevent the anchor window from being displayed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -447,7 +447,7 @@ When this policy is not configured and the Set and Lock Skin policy is enabled, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -479,7 +479,7 @@ When this policy is not configured and the Set and Lock Skin policy is enabled, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -510,7 +510,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -542,7 +542,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -571,7 +571,7 @@ This policy setting allows a screen saver to interrupt playback. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -603,7 +603,7 @@ This policy setting allows a screen saver to interrupt playback. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -632,7 +632,7 @@ The default privacy settings are used for the options on the Privacy tab unless | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -664,7 +664,7 @@ The default privacy settings are used for the options on the Privacy tab unless | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -691,7 +691,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -723,7 +723,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -755,7 +755,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -787,7 +787,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -816,7 +816,7 @@ This policy setting allows you to prevent Windows Media Player from downloading | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -848,7 +848,7 @@ This policy setting allows you to prevent Windows Media Player from downloading | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -875,7 +875,7 @@ This policy setting allows you to prevent media information for CDs and DVDs fro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -907,7 +907,7 @@ This policy setting allows you to prevent media information for CDs and DVDs fro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -934,7 +934,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -966,7 +966,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -993,7 +993,7 @@ This policy setting allows you to prevent media information for music files from | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1025,7 +1025,7 @@ This policy setting allows you to prevent media information for music files from | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1052,7 +1052,7 @@ This policy setting allows you to prevent a shortcut for the Player from being a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1084,7 +1084,7 @@ This policy setting allows you to prevent a shortcut for the Player from being a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1111,7 +1111,7 @@ This policy setting allows you to prevent radio station presets from being retri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1143,7 +1143,7 @@ This policy setting allows you to prevent radio station presets from being retri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1170,7 +1170,7 @@ This policy setting allows you to prevent a shortcut icon for the Player from be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1202,7 +1202,7 @@ This policy setting allows you to prevent a shortcut icon for the Player from be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1233,7 +1233,7 @@ A user has access only to the Player features that are available with the specif | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1265,7 +1265,7 @@ A user has access only to the Player features that are available with the specif | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1296,7 +1296,7 @@ This policy setting allows you to specify that Windows Media Player can attempt | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index eec4ecd4ae..78cf4e3ebe 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 51bdbc375a..8d59d83fdb 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ Enables or disables the automatic download of app updates on PCs running Windows | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ Enables or disables the automatic download of app updates on PCs running Windows | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -116,7 +116,7 @@ Enables or disables the Store offer to update to the latest version of Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ Enables or disables the Store offer to update to the latest version of Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -175,7 +175,7 @@ Enables or disables the Store offer to update to the latest version of Windows. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -207,7 +207,7 @@ Enables or disables the Store offer to update to the latest version of Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -234,7 +234,7 @@ Denies or allows access to the Store application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -266,7 +266,7 @@ Denies or allows access to the Store application. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -293,7 +293,7 @@ Denies or allows access to the Store application. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 00e3b779a5..a6ab24e318 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting controls the legacy remote shutdown interface (named pipe). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting controls the legacy remote shutdown interface (named pipe). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting controls the use of fast startup. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ This policy setting controls the use of fast startup. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -173,7 +173,7 @@ This policy setting configures the number of minutes the system waits for the hu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 485134dd5c..abd05901dc 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ To use this setting, copy your interface program to a network share or to your s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ To use this setting, copy your interface program to a network share or to your s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ If you disable or do not configure this setting, messages about the previous log | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ If you disable or do not configure this setting, messages about the previous log | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -184,7 +184,7 @@ This policy controls whether the logged on user should be notified when his logo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -216,7 +216,7 @@ This policy controls whether the logged on user should be notified when his logo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -250,7 +250,7 @@ If you choose to log off a user, the user cannot log on again except during perm | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -281,7 +281,7 @@ If you choose to log off a user, the user cannot log on again except during perm | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -312,7 +312,7 @@ If disabled or not configured, no popup will be displayed to the user. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ If disabled or not configured, no popup will be displayed to the user. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -376,7 +376,7 @@ If you set this policy setting to "Services and Ease of Access applications," bo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index a2fd5d9cb2..05370d3487 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -58,7 +58,7 @@ This policy setting specifies whether Windows will allow console applications an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 0463120c55..78e7ae4623 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -119,7 +119,7 @@ Conversely it means that Push Button is NOT allowed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -151,7 +151,7 @@ Conversely it means that Push Button is NOT allowed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -178,7 +178,7 @@ When enabled, it makes the connections to prefer a PIN for pairing to Wireless D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index 28865acd1b..b4bf212607 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ Set up the menu name and URL for the custom Internet search provider. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index b7bf87d9af..2eda61fdfb 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ This policy setting specifies whether Work Folders should be set up automaticall | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting specifies whether Work Folders should be set up automaticall | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -110,7 +110,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -142,7 +142,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -183,7 +183,7 @@ The "Force automatic setup" option specifies that Work Folders should be set up | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 11de17927c..d25946b8cb 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -57,7 +57,7 @@ This policy setting blocks voice and video calls during Quiet Hours. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting blocks voice and video calls during Quiet Hours. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -118,7 +118,7 @@ No reboots or service restarts are required for this policy setting to take effe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ No reboots or service restarts are required for this policy setting to take effe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -179,7 +179,7 @@ This policy setting turns off Quiet Hours functionality. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -211,7 +211,7 @@ This policy setting turns off Quiet Hours functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -248,7 +248,7 @@ No reboots or service restarts are required for this policy setting to take effe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -280,7 +280,7 @@ No reboots or service restarts are required for this policy setting to take effe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -309,7 +309,7 @@ This policy setting specifies the number of minutes after midnight (local time) | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -340,7 +340,7 @@ This policy setting specifies the number of minutes after midnight (local time) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -369,7 +369,7 @@ This policy setting specifies the number of minutes after midnight (local time) | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index dfa18c48f2..7153de8aea 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -60,7 +60,7 @@ If the policy is enabled, disabled, or not configured, users will still be able | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -141,7 +141,7 @@ Here's the SyncML example: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -170,7 +170,7 @@ If you do not configure this policy setting, the default behavior depends on the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 53e2098e53..7f9fdcb85f 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -53,7 +53,7 @@ This policy setting allows you to manage the installation of trusted line-of-bus | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -94,7 +94,7 @@ This policy setting allows you to manage the installation of trusted line-of-bus | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -117,7 +117,7 @@ Specifies whether automatic update of apps from Microsoft Store are allowed. Mos | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -158,7 +158,7 @@ Specifies whether automatic update of apps from Microsoft Store are allowed. Mos | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -187,7 +187,7 @@ This policy setting controls whether the system can archive infrequently used ap | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -228,7 +228,7 @@ This policy setting controls whether the system can archive infrequently used ap | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -255,7 +255,7 @@ Allows or denies development of Microsoft Store applications and installing them | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -296,7 +296,7 @@ Allows or denies development of Microsoft Store applications and installing them | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -324,7 +324,7 @@ If the setting is enabled or not configured, then Recording and Broadcasting (st | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -364,7 +364,7 @@ If the setting is enabled or not configured, then Recording and Broadcasting (st | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -391,7 +391,7 @@ Manages a Windows app's ability to share data between users who have installed t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -434,7 +434,7 @@ Manages a Windows app's ability to share data between users who have installed t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -457,7 +457,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -486,7 +486,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -509,7 +509,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -525,7 +525,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -552,7 +552,7 @@ Manages non-Administrator users' ability to install Windows app packages. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -592,7 +592,7 @@ Manages non-Administrator users' ability to install Windows app packages. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -615,7 +615,7 @@ Disable turns off the launch of all apps from the Microsoft Store that came pre- | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -655,7 +655,7 @@ Disable turns off the launch of all apps from the Microsoft Store that came pre- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -682,7 +682,7 @@ This policy allows the IT admin to specify a list of applications that users can | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -708,7 +708,7 @@ For this policy to work, the Windows apps need to declare in their manifest that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -739,7 +739,7 @@ This policy setting is designed for less restrictive environments. It can be use | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -779,7 +779,7 @@ This policy setting is designed for less restrictive environments. It can be use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -816,7 +816,7 @@ This policy setting directs Windows Installer to use elevated permissions when i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -856,7 +856,7 @@ This policy setting directs Windows Installer to use elevated permissions when i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -887,7 +887,7 @@ Denies access to the retail catalog in the Microsoft Store, but displays the pri | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -927,7 +927,7 @@ Denies access to the retail catalog in the Microsoft Store, but displays the pri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -954,7 +954,7 @@ Prevent users' app data from moving to another location when an app is moved or | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -994,7 +994,7 @@ Prevent users' app data from moving to another location when an app is moved or | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1021,7 +1021,7 @@ This policy setting allows you to manage installing Windows apps on additional v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1061,7 +1061,7 @@ This policy setting allows you to manage installing Windows apps on additional v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1084,7 +1084,7 @@ To ensure apps are up-to-date, this policy allows the admins to set a recurring | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index f197cdc5ce..b95821fb82 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -55,7 +55,7 @@ This policy setting lets you control whether Microsoft accounts are optional for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 8f71ef0d15..789e490c75 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -51,7 +51,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -83,7 +83,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -106,7 +106,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -138,7 +138,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -161,7 +161,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -193,7 +193,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -216,7 +216,7 @@ Enables scripts defined in the package manifest of configuration files that shou | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -248,7 +248,7 @@ Enables scripts defined in the package manifest of configuration files that shou | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -271,7 +271,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -303,7 +303,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -336,7 +336,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -368,7 +368,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -391,7 +391,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -422,7 +422,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -445,7 +445,7 @@ Specifies the registry paths that do not roam with a user profile. Example usage | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -476,7 +476,7 @@ Specifies the registry paths that do not roam with a user profile. Example usage | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -499,7 +499,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -530,7 +530,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -553,7 +553,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -585,7 +585,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -608,7 +608,7 @@ Specifies the location where symbolic links are created to the current version o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -639,7 +639,7 @@ Specifies the location where symbolic links are created to the current version o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -662,7 +662,7 @@ Specifies the location where symbolic links are created to the current version o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -693,7 +693,7 @@ Specifies the location where symbolic links are created to the current version o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -734,7 +734,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -765,7 +765,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -806,7 +806,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -837,7 +837,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -878,7 +878,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -909,7 +909,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -950,7 +950,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -981,7 +981,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1022,7 +1022,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1053,7 +1053,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1076,7 +1076,7 @@ Specifies the path to a valid certificate in the certificate store. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1107,7 +1107,7 @@ Specifies the path to a valid certificate in the certificate store. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1130,7 +1130,7 @@ This setting controls whether virtualized applications are launched on Windows 8 | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1162,7 +1162,7 @@ This setting controls whether virtualized applications are launched on Windows 8 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1185,7 +1185,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1216,7 +1216,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1239,7 +1239,7 @@ Specifies directory where all new applications and updates will be installed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1270,7 +1270,7 @@ Specifies directory where all new applications and updates will be installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1293,7 +1293,7 @@ Overrides source location for downloading package content. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1324,7 +1324,7 @@ Overrides source location for downloading package content. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1347,7 +1347,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1378,7 +1378,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1401,7 +1401,7 @@ Specifies the number of times to retry a dropped session. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1432,7 +1432,7 @@ Specifies the number of times to retry a dropped session. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1455,7 +1455,7 @@ Specifies that streamed package contents will be not be saved to the local hard | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1487,7 +1487,7 @@ Specifies that streamed package contents will be not be saved to the local hard | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1510,7 +1510,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1542,7 +1542,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1565,7 +1565,7 @@ Verifies Server certificate revocation status before streaming using HTTPS. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1597,7 +1597,7 @@ Verifies Server certificate revocation status before streaming using HTTPS. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1620,7 +1620,7 @@ Specifies a list of process paths (may contain wildcards) which are candidates f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 78fb0dc2f1..773aa14a81 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -57,7 +57,7 @@ This policy setting allows you to manage whether Windows marks file attachments | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy setting allows you to manage whether Windows marks file attachments | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -118,7 +118,7 @@ This policy setting allows you to manage whether users can manually remove the z | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy setting allows you to manage whether users can manually remove the z | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -179,7 +179,7 @@ This policy setting allows you to manage the behavior for notifying registered a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 0f6e42fa74..d191218a9b 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -50,7 +50,7 @@ Volume: High on domain controllers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -87,7 +87,7 @@ Volume: High on domain controllers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -113,7 +113,7 @@ Volume: High on Kerberos Key Distribution Center servers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -150,7 +150,7 @@ Volume: High on Kerberos Key Distribution Center servers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -176,7 +176,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -213,7 +213,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -236,7 +236,7 @@ This policy setting allows you to audit events generated by responses to credent | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -273,7 +273,7 @@ This policy setting allows you to audit events generated by responses to credent | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -297,7 +297,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -334,7 +334,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -358,7 +358,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -395,7 +395,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -421,7 +421,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -458,7 +458,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -484,7 +484,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -521,7 +521,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -547,7 +547,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -584,7 +584,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -610,7 +610,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -647,7 +647,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -671,7 +671,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -708,7 +708,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -734,7 +734,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -771,7 +771,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -795,7 +795,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -832,7 +832,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -856,7 +856,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -893,7 +893,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -917,7 +917,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -954,7 +954,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -980,7 +980,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1017,7 +1017,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1043,7 +1043,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1080,7 +1080,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1109,7 +1109,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1146,7 +1146,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1170,7 +1170,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1207,7 +1207,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1233,7 +1233,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1270,7 +1270,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1296,7 +1296,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1333,7 +1333,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1359,7 +1359,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1396,7 +1396,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1422,7 +1422,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1459,7 +1459,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1485,7 +1485,7 @@ Volume: Depends on how the computer is used. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1522,7 +1522,7 @@ Volume: Depends on how the computer is used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1548,7 +1548,7 @@ Volume: Depends on how the computer is used. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1585,7 +1585,7 @@ Volume: Depends on how the computer is used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1611,7 +1611,7 @@ Volume: High on RPC servers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1648,7 +1648,7 @@ Volume: High on RPC servers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1672,7 +1672,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1709,7 +1709,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1733,7 +1733,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1770,7 +1770,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1794,7 +1794,7 @@ Volume: High on domain controllers. None on client computers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1831,7 +1831,7 @@ Volume: High on domain controllers. None on client computers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1860,7 +1860,7 @@ Volume: High on domain controllers only. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1897,7 +1897,7 @@ Volume: High on domain controllers only. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1923,7 +1923,7 @@ Volume: Medium on domain controllers. None on client computers. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1960,7 +1960,7 @@ Volume: Medium on domain controllers. None on client computers. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1984,7 +1984,7 @@ Volume: Depends on the applications that are generating them. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2021,7 +2021,7 @@ Volume: Depends on the applications that are generating them. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2045,7 +2045,7 @@ Volume: Potentially high on a file server when the proposed policy differs signi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2082,7 +2082,7 @@ Volume: Potentially high on a file server when the proposed policy differs signi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2106,7 +2106,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2143,7 +2143,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2173,7 +2173,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2210,7 +2210,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2241,7 +2241,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2278,7 +2278,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2307,7 +2307,7 @@ Volume: Depends on how the file system SACLs are configured. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2344,7 +2344,7 @@ Volume: Depends on how the file system SACLs are configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2370,7 +2370,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2407,7 +2407,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2431,7 +2431,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2468,7 +2468,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2497,7 +2497,7 @@ Volume: Depends on how SACLs are configured. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2534,7 +2534,7 @@ Volume: Depends on how SACLs are configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2561,7 +2561,7 @@ Volume: High if auditing access of global system objects is enabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2598,7 +2598,7 @@ Volume: High if auditing access of global system objects is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2622,7 +2622,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2659,7 +2659,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2688,7 +2688,7 @@ Volume: Depends on how registry SACLs are configured. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2725,7 +2725,7 @@ Volume: Depends on how registry SACLs are configured. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2750,7 +2750,7 @@ This policy setting allows you to audit user attempts to access file system obje | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2787,7 +2787,7 @@ This policy setting allows you to audit user attempts to access file system obje | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2816,7 +2816,7 @@ Volume: High on domain controllers. For more information about reducing the numb | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2853,7 +2853,7 @@ Volume: High on domain controllers. For more information about reducing the numb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2882,7 +2882,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2919,7 +2919,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2945,7 +2945,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2982,7 +2982,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3008,7 +3008,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3045,7 +3045,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3071,7 +3071,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3108,7 +3108,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3132,7 +3132,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3169,7 +3169,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3196,7 +3196,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -3233,7 +3233,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3260,7 +3260,7 @@ Volume: Very High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3297,7 +3297,7 @@ Volume: Very High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3320,7 +3320,7 @@ Not used. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3357,7 +3357,7 @@ Not used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3383,7 +3383,7 @@ Volume: High. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3420,7 +3420,7 @@ Volume: High. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3446,7 +3446,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3483,7 +3483,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3507,7 +3507,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -3544,7 +3544,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3568,7 +3568,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -3605,7 +3605,7 @@ Volume: Low. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3631,7 +3631,7 @@ Volume: Low. Security system extension events are generated more often on a doma | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3668,7 +3668,7 @@ Volume: Low. Security system extension events are generated more often on a doma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1039] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.774] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.329] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later
✅ Windows 10, version 1809 [10.0.17763.774] and later
✅ Windows 10, version 1903 [10.0.18362.329] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -3692,7 +3692,7 @@ Volume: Low. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 845bc4e58d..e09370032f 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -53,7 +53,7 @@ This policy allows the Azure Active Directory (Azure AD) tenant administrator to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -79,7 +79,7 @@ This policy allows the Azure Active Directory (Azure AD) tenant administrator to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -102,7 +102,7 @@ Allows an EAP cert-based authentication for a single sign on (SSO) to access int | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -128,7 +128,7 @@ Allows an EAP cert-based authentication for a single sign on (SSO) to access int | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -151,7 +151,7 @@ Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restrict | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -177,7 +177,7 @@ Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restrict | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -204,7 +204,7 @@ This policy allows users to use a companion device, such as a phone, fitness ban | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -244,7 +244,7 @@ This policy allows users to use a companion device, such as a phone, fitness ban | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -270,7 +270,7 @@ Specifies a list of domains that are allowed to access the webcam in Web Sign-in | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -293,7 +293,7 @@ Your organization federates to "Contoso IDP" and your web sign-in portal at `sig | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.2145] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.2145] and later | @@ -324,7 +324,7 @@ This policy specifies the list of domains that users can access in certain authe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -347,7 +347,7 @@ Your organization's PIN reset or web sign-in authentication flow is expected to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -375,7 +375,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -402,7 +402,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -425,7 +425,7 @@ Specifies whether connected users on AADJ devices receive a Passwordless experie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -452,7 +452,7 @@ Specifies whether connected users on AADJ devices receive a Passwordless experie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -483,7 +483,7 @@ Specifies whether web-based sign-in is allowed for signing in to Windows. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -510,7 +510,7 @@ Specifies whether web-based sign-in is allowed for signing in to Windows. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -533,7 +533,7 @@ Specifies the preferred domain among available domains in the AAD tenant. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 7bac8598d7..9489269011 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -59,7 +59,7 @@ This policy setting disallows AutoPlay for MTP devices like cameras or phones. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ This policy setting disallows AutoPlay for MTP devices like cameras or phones. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -131,7 +131,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -162,7 +162,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -204,7 +204,7 @@ This policy setting disables Autoplay on additional types of drives. You cannot | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 21bab7bc1e..25e1f03451 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -4,7 +4,7 @@ description: Learn more about the Bitlocker Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -57,7 +57,7 @@ The following list shows the supported values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 6 | diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index b99d514066..558e3a029e 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -60,7 +60,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-23]` | | Default Value | 17 | @@ -92,7 +92,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -126,7 +126,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-23]` | | Default Value | 8 | @@ -158,7 +158,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -192,7 +192,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967200]` | | Default Value | 1000 | @@ -224,7 +224,7 @@ Consider using this setting to prevent BITS transfers from competing for network | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -267,7 +267,7 @@ For example, you can specify that background jobs are by default to transfer onl | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -310,7 +310,7 @@ For example, you can specify that background jobs are by default to transfer onl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -353,7 +353,7 @@ For example, you can specify that background jobs are by default to transfer onl | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -396,7 +396,7 @@ For example, you can specify that background jobs are by default to transfer onl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -429,7 +429,7 @@ Consider decreasing this value if you are concerned about orphaned jobs occupyin | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-999]` | | Default Value | 90 | diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index d3031acbca..8441ab6161 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -4,7 +4,7 @@ description: Learn more about the Bluetooth Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -49,7 +49,7 @@ Specifies whether the device can send out Bluetooth advertisements. If this is n | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -75,7 +75,7 @@ Specifies whether the device can send out Bluetooth advertisements. If this is n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -98,7 +98,7 @@ Specifies whether other Bluetooth-enabled devices can discover the device. If th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -124,7 +124,7 @@ Specifies whether other Bluetooth-enabled devices can discover the device. If th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -147,7 +147,7 @@ Specifies whether to allow specific bundled Bluetooth peripherals to automatical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -173,7 +173,7 @@ Specifies whether to allow specific bundled Bluetooth peripherals to automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -196,7 +196,7 @@ This policy allows the IT admin to block users on these managed devices from usi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -222,7 +222,7 @@ This policy allows the IT admin to block users on these managed devices from usi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -245,7 +245,7 @@ Sets the local Bluetooth device name. If this is set, the value that it is set t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -261,7 +261,7 @@ Sets the local Bluetooth device name. If this is set, the value that it is set t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -284,7 +284,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -301,7 +301,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -324,7 +324,7 @@ There are multiple levels of encryption strength when pairing Bluetooth devices. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-16]` | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index e0a5e1b043..e0cc47c40d 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -62,7 +62,7 @@ This policy setting lets you decide whether the Address bar drop-down functional | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -102,7 +102,7 @@ This policy setting lets you decide whether the Address bar drop-down functional | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -135,7 +135,7 @@ This policy setting lets you decide whether employees can use Autofill to automa | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -185,7 +185,7 @@ To verify AllowAutofill is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -212,7 +212,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -238,7 +238,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -265,7 +265,7 @@ This policy setting lets you decide whether Microsoft Edge can automatically upd | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -291,7 +291,7 @@ This policy setting lets you decide whether Microsoft Edge can automatically upd | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -325,7 +325,7 @@ Block only 3rd-party cookies: Blocks only cookies from 3rd-party websites. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -373,7 +373,7 @@ To verify AllowCookies is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -404,7 +404,7 @@ This policy setting lets you decide whether F12 Developer Tools are available on | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -444,7 +444,7 @@ This policy setting lets you decide whether F12 Developer Tools are available on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -477,7 +477,7 @@ This policy setting lets you decide whether employees can send Do Not Track requ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -524,7 +524,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -555,7 +555,7 @@ This setting lets you decide whether employees can load extensions in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -595,7 +595,7 @@ This setting lets you decide whether employees can load extensions in Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -626,7 +626,7 @@ This setting lets you decide whether employees can run Adobe Flash in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -666,7 +666,7 @@ This setting lets you decide whether employees can run Adobe Flash in Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -695,7 +695,7 @@ Sites get onto the auto-allowed list based on user feedback, specifically by how | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -735,7 +735,7 @@ Sites get onto the auto-allowed list based on user feedback, specifically by how | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -766,7 +766,7 @@ If disabled, full-screen mode is unavailable for use in Microsoft Edge. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -806,7 +806,7 @@ If disabled, full-screen mode is unavailable for use in Microsoft Edge. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -837,7 +837,7 @@ This policy setting lets you decide whether employees can browse using InPrivate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -877,7 +877,7 @@ This policy setting lets you decide whether employees can browse using InPrivate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -908,7 +908,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -948,7 +948,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -981,7 +981,7 @@ This policy setting lets you decide whether employees can save their passwords l | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1026,7 +1026,7 @@ To verify AllowPasswordManager is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1059,7 +1059,7 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1104,7 +1104,7 @@ To verify AllowPopups is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1135,7 +1135,7 @@ If you prevent pre-launch, Microsoft Edge won't pre-launch during Windows sign i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1174,7 +1174,7 @@ If you prevent pre-launch, Microsoft Edge won't pre-launch during Windows sign i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1205,7 +1205,7 @@ If disabled, printing is not allowed. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1245,7 +1245,7 @@ If disabled, printing is not allowed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1276,7 +1276,7 @@ If disabled, the browsing history stops saving and is not visible in the History | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1316,7 +1316,7 @@ If disabled, the browsing history stops saving and is not visible in the History | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1351,7 +1351,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1391,7 +1391,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1424,7 +1424,7 @@ This policy setting lets you decide whether search suggestions appear in the Add | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1464,7 +1464,7 @@ This policy setting lets you decide whether search suggestions appear in the Add | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1504,7 +1504,7 @@ Related policies: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1544,7 +1544,7 @@ Related policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1577,7 +1577,7 @@ This policy setting lets you configure whether to turn on Windows Defender Smart | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1622,7 +1622,7 @@ To verify AllowSmartScreen is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1653,7 +1653,7 @@ If you prevent preloading, Microsoft Edge won't load the Start or New Tab page d | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1692,7 +1692,7 @@ If you prevent preloading, Microsoft Edge won't load the Start or New Tab page d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1725,7 +1725,7 @@ This policy setting lets you configure what appears when Microsoft Edge opens a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1765,7 +1765,7 @@ This policy setting lets you configure what appears when Microsoft Edge opens a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1796,7 +1796,7 @@ This policy setting helps you to decide whether to make the Books tab visible, r | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1836,7 +1836,7 @@ This policy setting helps you to decide whether to make the Books tab visible, r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1867,7 +1867,7 @@ This policy setting allows the automatic clearing of browsing data when Microsof | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1914,7 +1914,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1950,7 +1950,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1980,7 +1980,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2013,7 +2013,7 @@ If not configured, the favorites bar is hidden but is visible on the Start and N | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2053,7 +2053,7 @@ If not configured, the favorites bar is hidden but is visible on the Start and N | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2097,7 +2097,7 @@ Related policies: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2141,7 +2141,7 @@ Related policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2179,7 +2179,7 @@ If enabled and set to 1: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2218,7 +2218,7 @@ If enabled and set to 1: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2253,7 +2253,7 @@ If you do not configure Microsoft Edge in assigned access, then this policy does | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1440]` | | Default Value | 5 | @@ -2285,7 +2285,7 @@ If you do not configure Microsoft Edge in assigned access, then this policy does | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2329,7 +2329,7 @@ Related policies: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -2376,7 +2376,7 @@ Related policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2406,7 +2406,7 @@ Default setting: Disabled or not configured (no data collected or sent) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2448,7 +2448,7 @@ Default setting: Disabled or not configured (no data collected or sent) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2488,7 +2488,7 @@ Related policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2527,7 +2527,7 @@ Related policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2558,7 +2558,7 @@ This policy setting lets you decide how much data to send to Microsoft about the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2598,7 +2598,7 @@ This policy setting lets you decide how much data to send to Microsoft about the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2629,7 +2629,7 @@ This policy setting lets you configure whether to use Enterprise Mode and the En | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2659,7 +2659,7 @@ This policy setting lets you configure whether to use Enterprise Mode and the En | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2686,7 +2686,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2702,7 +2702,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2729,7 +2729,7 @@ Configure first run URL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [Browser_FirstRunURL_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -2746,7 +2746,7 @@ Configure first run URL. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2791,7 +2791,7 @@ Related policy: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2821,7 +2821,7 @@ Related policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2855,7 +2855,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2895,7 +2895,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2926,7 +2926,7 @@ This policy setting lets you decide whether employees can access the about:flags | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2966,7 +2966,7 @@ This policy setting lets you decide whether employees can access the about:flags | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2997,7 +2997,7 @@ If disabled or not configured, overriding certificate errors are allowed. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3037,7 +3037,7 @@ If disabled or not configured, overriding certificate errors are allowed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3068,7 +3068,7 @@ This policy setting lets you decide whether employees see Microsoft's First Run | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3108,7 +3108,7 @@ This policy setting lets you decide whether employees see Microsoft's First Run | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3139,7 +3139,7 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3179,7 +3179,7 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3210,7 +3210,7 @@ This policy setting lets you decide whether employees can override the Windows D | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3250,7 +3250,7 @@ This policy setting lets you decide whether employees can override the Windows D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3281,7 +3281,7 @@ This policy setting lets you decide whether employees can override the Windows D | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3321,7 +3321,7 @@ This policy setting lets you decide whether employees can override the Windows D | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3360,7 +3360,7 @@ Related Documents: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3391,7 +3391,7 @@ Related Documents: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3422,7 +3422,7 @@ This policy setting lets you decide whether an employee's LocalHost IP address s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3462,7 +3462,7 @@ This policy setting lets you decide whether an employee's LocalHost IP address s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3496,7 +3496,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3533,7 +3533,7 @@ To define a default list of favorites: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3564,7 +3564,7 @@ This policy setting lets you decide whether your intranet sites should all open | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3604,7 +3604,7 @@ This policy setting lets you decide whether your intranet sites should all open | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3647,7 +3647,7 @@ Employees can change the default search engine at any time, unless you disable t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3677,7 +3677,7 @@ Employees can change the default search engine at any time, unless you disable t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3709,7 +3709,7 @@ Related policy: Configure Home Button. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3739,7 +3739,7 @@ Related policy: Configure Home Button. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3773,7 +3773,7 @@ Related policy: Allow web content on New Tab page. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3803,7 +3803,7 @@ Related policy: Allow web content on New Tab page. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3840,7 +3840,7 @@ Related policies: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3881,7 +3881,7 @@ Related policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3912,7 +3912,7 @@ This setting lets you decide whether people can sync their favorites between Int | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3960,7 +3960,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3997,7 +3997,7 @@ Related policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4037,7 +4037,7 @@ Related policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -4068,7 +4068,7 @@ This policy setting lets you decide whether Microsoft Edge stores books from the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 6b88a97e01..c2ea4b8e02 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -4,7 +4,7 @@ description: Learn more about the Camera Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -53,7 +53,7 @@ This policy setting allow the use of Camera devices on the machine. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index cad8cc1ea3..61927574aa 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -74,7 +74,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -115,7 +115,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -150,7 +150,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -180,7 +180,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -215,7 +215,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -245,7 +245,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -280,7 +280,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -310,7 +310,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -336,7 +336,7 @@ This policy setting configures the visibility of the link to the per-application | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-clouddesktop.md b/windows/client-management/mdm/policy-csp-clouddesktop.md index fc9dfec2ac..55896ea4f2 100644 --- a/windows/client-management/mdm/policy-csp-clouddesktop.md +++ b/windows/client-management/mdm/policy-csp-clouddesktop.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -51,7 +51,7 @@ This policy allows the user to configure the boot to cloud mode. Boot to Cloud m | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 9bfced5845..489c25883d 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -54,7 +54,7 @@ Allows the user to enable Bluetooth or restrict access. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -81,7 +81,7 @@ Allows the user to enable Bluetooth or restrict access. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -104,7 +104,7 @@ Allows the cellular data channel on the device. Device reboot is not required to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -131,7 +131,7 @@ Allows the cellular data channel on the device. Device reboot is not required to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -158,7 +158,7 @@ This policy setting prevents clients from connecting to Mobile Broadband network | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -206,7 +206,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -231,7 +231,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -260,7 +260,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -283,7 +283,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -309,7 +309,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -338,7 +338,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -383,7 +383,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -408,7 +408,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -434,7 +434,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -457,7 +457,7 @@ Specifies what type of underlying connections VPN is allowed to use. Most restri | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -483,7 +483,7 @@ Specifies what type of underlying connections VPN is allowed to use. Most restri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -506,7 +506,7 @@ Prevents the device from connecting to VPN when the device roams over cellular n | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -532,7 +532,7 @@ Prevents the device from connecting to VPN when the device roams over cellular n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -566,7 +566,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -598,7 +598,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -630,7 +630,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -662,7 +662,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -693,7 +693,7 @@ See the documentation for the web publishing and online ordering wizards for mor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -725,7 +725,7 @@ See the documentation for the web publishing and online ordering wizards for mor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -754,7 +754,7 @@ As part of determining the connectivity level, NCSI performs one of two active t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -794,7 +794,7 @@ As part of determining the connectivity level, NCSI performs one of two active t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -820,7 +820,7 @@ For more information, see [MS15-011: Vulnerability in Group Policy could allow r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -851,7 +851,7 @@ For more information, see [MS15-011: Vulnerability in Group Policy could allow r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -881,7 +881,7 @@ If you disable this setting or do not configure it, the user will be able to cre | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 4d9b9ad115..15c0389036 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -4,7 +4,7 @@ description: Learn more about the ControlPolicyConflict Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -74,7 +74,7 @@ The MDM Diagnostic report shows the applied configurations states of a device in | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 7d393397fe..f7601e1216 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -60,7 +60,7 @@ To configure Windows Hello for Business, use the Administrative Template policie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -92,7 +92,7 @@ To configure Windows Hello for Business, use the Administrative Template policie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -121,7 +121,7 @@ Note that the user's domain password will be cached in the system vault when usi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -153,7 +153,7 @@ Note that the user's domain password will be cached in the system vault when usi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -176,7 +176,7 @@ Boolean policy to disable the visibility of the credential provider that trigger | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index c5bf99ea6c..4403faa777 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -57,7 +57,7 @@ When using credential delegation, devices provide an exportable version of crede | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index fe656db7c8..15f980bcd2 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -63,7 +63,7 @@ The policy applies to all Windows components and applications that use the Windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -95,7 +95,7 @@ The policy applies to all Windows components and applications that use the Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -122,7 +122,7 @@ This policy setting controls whether administrator accounts are displayed when a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 53aabcf9bf..841ae0f1bd 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -4,7 +4,7 @@ description: Learn more about the Cryptography Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -49,7 +49,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -84,7 +84,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -107,7 +107,7 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index fb84b5f3b7..2bed9781c9 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -4,7 +4,7 @@ description: Learn more about the DataProtection Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -49,7 +49,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -75,7 +75,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -101,7 +101,7 @@ Important. This policy may change in a future release. It may be used for testin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index bab0720b95..55963b49c3 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -63,7 +63,7 @@ This policy setting configures the cost of 3G connections on the local machine. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ This policy setting configures the cost of 3G connections on the local machine. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -127,7 +127,7 @@ This policy setting configures the cost of 4G connections on the local machine. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index e4ba13552a..86104e0374 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -55,7 +55,7 @@ This policy setting allows you to configure scans for malicious software and unw | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -95,7 +95,7 @@ This policy setting allows you to configure scans for malicious software and unw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -124,7 +124,7 @@ This policy setting allows you to configure behavior monitoring. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -164,7 +164,7 @@ This policy setting allows you to configure behavior monitoring. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -206,7 +206,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -246,7 +246,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -273,7 +273,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -313,7 +313,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -340,7 +340,7 @@ This policy setting allows you to configure scanning mapped network drives. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -380,7 +380,7 @@ This policy setting allows you to configure scanning mapped network drives. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -407,7 +407,7 @@ This policy setting allows you to manage whether or not to scan for malicious so | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -447,7 +447,7 @@ This policy setting allows you to manage whether or not to scan for malicious so | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -472,7 +472,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -498,7 +498,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -527,7 +527,7 @@ This policy setting allows you to configure scanning for all downloaded files an | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -567,7 +567,7 @@ This policy setting allows you to configure scanning for all downloaded files an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -596,7 +596,7 @@ This policy setting allows you to configure monitoring for file and program acti | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -636,7 +636,7 @@ This policy setting allows you to configure monitoring for file and program acti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -661,7 +661,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -701,7 +701,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -727,7 +727,7 @@ This policy setting allows you to configure real-time scanning for files that ar | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -767,7 +767,7 @@ This policy setting allows you to configure real-time scanning for files that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -792,7 +792,7 @@ Allows or disallows Windows Defender Script Scanning functionality. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -818,7 +818,7 @@ Allows or disallows Windows Defender Script Scanning functionality. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -842,7 +842,7 @@ If you enable this setting AM UI won't be available to users. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -882,7 +882,7 @@ If you enable this setting AM UI won't be available to users. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -920,7 +920,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -951,7 +951,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1015,7 +1015,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1045,7 +1045,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1072,7 +1072,7 @@ This policy setting allows you to configure the maximum percentage CPU utilizati | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 50 | @@ -1104,7 +1104,7 @@ This policy setting allows you to configure the maximum percentage CPU utilizati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1133,7 +1133,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1172,7 +1172,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1209,7 +1209,7 @@ Possible options are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1251,7 +1251,7 @@ Possible options are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1281,7 +1281,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-50]` | | Default Value | 0 | @@ -1313,7 +1313,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1353,7 +1353,7 @@ Default system folders are automatically guarded, but you can add folders in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -1384,7 +1384,7 @@ Default system folders are automatically guarded, but you can add folders in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1425,7 +1425,7 @@ Microsoft Defender Antivirus automatically determines which applications can be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -1456,7 +1456,7 @@ Microsoft Defender Antivirus automatically determines which applications can be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1483,7 +1483,7 @@ This policy setting defines the number of days items should be kept in the Quara | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-90]` | | Default Value | 0 | @@ -1515,7 +1515,7 @@ This policy setting defines the number of days items should be kept in the Quara | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1542,7 +1542,7 @@ This policy setting allows you to configure catch-up scans for scheduled full sc | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1581,7 +1581,7 @@ This policy setting allows you to configure catch-up scans for scheduled full sc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1608,7 +1608,7 @@ This policy setting allows you to configure catch-up scans for scheduled quick s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1647,7 +1647,7 @@ This policy setting allows you to configure catch-up scans for scheduled quick s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1721,7 +1721,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1762,7 +1762,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1789,7 +1789,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1828,7 +1828,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1863,7 +1863,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1903,7 +1903,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1928,7 +1928,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -1959,7 +1959,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1984,7 +1984,7 @@ Allows an administrator to specify a list of directory paths to ignore during a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -2015,7 +2015,7 @@ Allows an administrator to specify a list of directory paths to ignore during a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2043,7 +2043,7 @@ Allows an administrator to specify a list of files opened by processes to ignore | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -2074,7 +2074,7 @@ Allows an administrator to specify a list of files opened by processes to ignore | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2109,7 +2109,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2149,7 +2149,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2185,7 +2185,7 @@ Any other value, or if the value does not exist, resolves to the default (0). | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2226,7 +2226,7 @@ Any other value, or if the value does not exist, resolves to the default (0). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2255,7 +2255,7 @@ This policy setting allows you to specify the scan type to use during a schedule | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2295,7 +2295,7 @@ This policy setting allows you to specify the scan type to use during a schedule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2322,7 +2322,7 @@ This policy setting allows you to specify the time of day at which to perform a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1380]` | | Default Value | 120 | @@ -2354,7 +2354,7 @@ This policy setting allows you to specify the time of day at which to perform a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2392,7 +2392,7 @@ This setting can be configured with the following ordinal number values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2439,7 +2439,7 @@ This setting can be configured with the following ordinal number values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2466,7 +2466,7 @@ This policy setting allows you to specify the time of day at which to perform a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1380]` | | Default Value | 120 | @@ -2498,7 +2498,7 @@ This policy setting allows you to specify the time of day at which to perform a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2523,7 +2523,7 @@ If you disable or do not configure this setting, security intelligence will be r | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2553,7 +2553,7 @@ If you disable or do not configure this setting, security intelligence will be r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2582,7 +2582,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -2613,7 +2613,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -2640,7 +2640,7 @@ This policy setting allows you to configure UNC file share sources for downloadi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -2671,7 +2671,7 @@ This policy setting allows you to configure UNC file share sources for downloadi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2698,7 +2698,7 @@ This policy setting allows you to specify an interval at which to check for secu | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-24]` | | Default Value | 8 | @@ -2730,7 +2730,7 @@ This policy setting allows you to specify an interval at which to check for secu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2759,7 +2759,7 @@ Possible options are: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2801,7 +2801,7 @@ Possible options are: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2837,7 +2837,7 @@ Valid remediation action values are: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index d4cd618ac6..96df133dc7 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -55,7 +55,7 @@ The value 0 (zero) means "unlimited" cache; Delivery Optimization will clear the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -87,7 +87,7 @@ The value 0 (zero) means "unlimited" cache; Delivery Optimization will clear the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -110,7 +110,7 @@ Specifies whether the device is allowed to participate in Peer Caching while con | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -150,7 +150,7 @@ Specifies whether the device is allowed to participate in Peer Caching while con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -177,7 +177,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -208,7 +208,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -243,7 +243,7 @@ If this policy is not configured, the client will attempt to automatically find | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -275,7 +275,7 @@ If this policy is not configured, the client will attempt to automatically find | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -304,7 +304,7 @@ The recommended value is 1 hour (3600). | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -336,7 +336,7 @@ The recommended value is 1 hour (3600). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -359,7 +359,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2592000]` | | Default Value | 0 | @@ -391,7 +391,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -414,7 +414,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2592000]` | | Default Value | 0 | @@ -446,7 +446,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -475,7 +475,7 @@ The recommended value is 1 minute (60). | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -507,7 +507,7 @@ The recommended value is 1 minute (60). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -530,7 +530,7 @@ Disallow downloads from Microsoft Connected Cache servers when the device connec | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -566,7 +566,7 @@ Disallow downloads from Microsoft Connected Cache servers when the device connec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -591,7 +591,7 @@ Specifies the download method that Delivery Optimization can use in downloads of | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -635,7 +635,7 @@ Specifies the download method that Delivery Optimization can use in downloads of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -662,7 +662,7 @@ Note this is a best effort optimization and should not be relied on for an authe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -692,7 +692,7 @@ Note this is a best effort optimization and should not be relied on for an authe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -717,7 +717,7 @@ Set this policy to restrict peer selection to a specific source. Available optio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -761,7 +761,7 @@ Set this policy to restrict peer selection to a specific source. Available optio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -786,7 +786,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -818,7 +818,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -841,7 +841,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -873,7 +873,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -896,7 +896,7 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-100]` | | Default Value | 0 | @@ -928,7 +928,7 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -953,7 +953,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -985,7 +985,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1008,7 +1008,7 @@ Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/se | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-4294967295]` | | Default Value | 0 | @@ -1040,7 +1040,7 @@ Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1067,7 +1067,7 @@ The value 0 means "not-limited"; The cloud service set default value will be use | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 0 | @@ -1099,7 +1099,7 @@ The value 0 means "not-limited"; The cloud service set default value will be use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1127,7 +1127,7 @@ Recommended values: 64 GB to 256 GB. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-100000]` | | Default Value | 0 | @@ -1159,7 +1159,7 @@ Recommended values: 64 GB to 256 GB. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1182,7 +1182,7 @@ Specifies the minimum content file size in MB enabled to use Peer Caching. Recom | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-100000]` | | Default Value | 0 | @@ -1214,7 +1214,7 @@ Specifies the minimum content file size in MB enabled to use Peer Caching. Recom | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1237,7 +1237,7 @@ Specifies the minimum RAM size in GB required to use Peer Caching. For example, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-100000]` | | Default Value | 0 | @@ -1269,7 +1269,7 @@ Specifies the minimum RAM size in GB required to use Peer Caching. For example, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1294,7 +1294,7 @@ By default, %SystemDrive% is used to store the cache. The drive location can be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1324,7 +1324,7 @@ By default, %SystemDrive% is used to store the cache. The drive location can be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1347,7 +1347,7 @@ Specifies the maximum total bytes in GB that Delivery Optimization is allowed to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -1379,7 +1379,7 @@ Specifies the maximum total bytes in GB that Delivery Optimization is allowed to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1406,7 +1406,7 @@ Downloads from LAN peers won't be throttled even when this policy is set. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 0 | @@ -1438,7 +1438,7 @@ Downloads from LAN peers won't be throttled even when this policy is set. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1463,7 +1463,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 0 | @@ -1495,7 +1495,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1530,7 +1530,7 @@ In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1571,7 +1571,7 @@ In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1594,7 +1594,7 @@ Specifies the maximum background download bandwidth that Delivery Optimization u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1625,7 +1625,7 @@ Specifies the maximum background download bandwidth that Delivery Optimization u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1653,7 +1653,7 @@ This policy allows an IT Admin to define the following details: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1684,7 +1684,7 @@ This policy allows an IT Admin to define the following details: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1707,7 +1707,7 @@ This policy allows you to set one or more keywords used to recognize VPN connect | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index dd8db44630..82a49e6530 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -55,7 +55,7 @@ If you enable this setting, users are unable to type a new location in the Targe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md index 62c204d4b2..81d408575b 100644 --- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md +++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -57,7 +57,7 @@ This policy controls additional sources provided by the enterprise IT administra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -89,7 +89,7 @@ This policy controls additional sources provided by the enterprise IT administra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -118,7 +118,7 @@ This policy controls additional sources allowed by the enterprise IT administrat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -150,7 +150,7 @@ This policy controls additional sources allowed by the enterprise IT administrat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -178,7 +178,7 @@ Users will still be able to execute the *winget* command. The default help will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -210,7 +210,7 @@ Users will still be able to execute the *winget* command. The default help will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -232,7 +232,7 @@ Users will still be able to execute the *winget* command. The default help will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -260,7 +260,7 @@ Users will still be able to execute the *winget* command. The default help will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -289,7 +289,7 @@ This policy controls the default source included with the [Windows Package Manag | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -321,7 +321,7 @@ This policy controls the default source included with the [Windows Package Manag | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -349,7 +349,7 @@ Experimental features are used during Windows Package Manager development cycle | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -381,7 +381,7 @@ Experimental features are used during Windows Package Manager development cycle | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -408,7 +408,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -440,7 +440,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -462,7 +462,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -490,7 +490,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -517,7 +517,7 @@ This policy controls whether users can install packages with local manifest file | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -549,7 +549,7 @@ This policy controls whether users can install packages with local manifest file | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -578,7 +578,7 @@ This policy controls the Microsoft Store source included with the [Windows Packa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -610,7 +610,7 @@ This policy controls the Microsoft Store source included with the [Windows Packa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -637,7 +637,7 @@ This policy controls whether users can install packages from a website that is u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -669,7 +669,7 @@ This policy controls whether users can install packages from a website that is u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -697,7 +697,7 @@ The settings are stored inside of a .json file on the user’s system. It may be | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -729,7 +729,7 @@ The settings are stored inside of a .json file on the user’s system. It may be | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -757,7 +757,7 @@ The default source for Windows Package Manager is configured such that an index | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index ba41b0ac29..5f50a586ab 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceGuard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -50,7 +50,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -91,7 +91,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -114,7 +114,7 @@ Turns On Virtualization Based Security(VBS) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -154,7 +154,7 @@ Turns On Virtualization Based Security(VBS) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -177,7 +177,7 @@ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if config | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -218,7 +218,7 @@ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if config | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -242,7 +242,7 @@ This setting lets users turn on Credential Guard with virtualization-based secur | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index cd689bed30..259c785fc2 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceHealthMonitoring Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -50,7 +50,7 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -76,7 +76,7 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -100,7 +100,7 @@ This policy is applicable only if the [AllowDeviceHealthMonitoring](#allowdevice | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [DeviceHealthMonitoring_ConfigDeviceHealthMonitoringScope_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceHealthMonitoring/AllowDeviceHealthMonitoring`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -117,7 +117,7 @@ This policy is applicable only if the [AllowDeviceHealthMonitoring](#allowdevice | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -140,7 +140,7 @@ If the device is not opted-in to the DeviceHealthMonitoring service via the Allo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [DeviceHealthMonitoring_ConfigDeviceHealthMonitoringServiceInstance_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceHealthMonitoring/AllowDeviceHealthMonitoring`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -157,7 +157,7 @@ If the device is not opted-in to the DeviceHealthMonitoring service via the Allo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -186,7 +186,7 @@ Configure this policy manually only when explicitly instructed to do so by a Mic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Dependency [DeviceHealthMonitoring_ConfigDeviceHealthMonitoringUploadDestination_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceHealthMonitoring/AllowDeviceHealthMonitoring`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 8a142cb391..2f8849bd97 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -67,7 +67,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -130,7 +130,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -168,7 +168,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -233,7 +233,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -273,7 +273,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.256] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.2145] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1714] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1151] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.256] and later
✅ Windows 10, version 1809 [10.0.17763.2145] and later
✅ Windows 10, version 1903 [10.0.18362.1714] and later
✅ Windows 10, version 2004 [10.0.19041.1151] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -393,7 +393,7 @@ If you disable or do not configure this policy setting, the default evaluation i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -460,7 +460,7 @@ You can also change the evaluation order of device installation policy settings | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -487,7 +487,7 @@ This policy setting allows you to prevent Windows from retrieving device metadat | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -519,7 +519,7 @@ This policy setting allows you to prevent Windows from retrieving device metadat | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -549,7 +549,7 @@ This policy setting allows you to prevent the installation of devices that are n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -618,7 +618,7 @@ You can also block installation by using a custom profile in Intune. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -651,7 +651,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -722,7 +722,7 @@ For example, this custom profile blocks installation and usage of USB devices wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -752,7 +752,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -833,7 +833,7 @@ To prevent installation of devices with matching device instance IDs by using cu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -866,7 +866,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index cdee8174aa..a6e8a48030 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -32,7 +32,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -55,7 +55,7 @@ Account lockout threshold - This security setting determines the number of faile | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -71,7 +71,7 @@ Account lockout threshold - This security setting determines the number of faile | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -94,7 +94,7 @@ Allow Administrator account lockout This security setting determines whether the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -121,7 +121,7 @@ Allow Administrator account lockout This security setting determines whether the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -149,7 +149,7 @@ Specifies whether the user must input a PIN or password when the device resumes | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [DeviceLock_AllowIdleReturnWithoutPassword_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -176,7 +176,7 @@ Specifies whether the user must input a PIN or password when the device resumes | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -199,7 +199,7 @@ Specifies whether to show a user-configurable setting to control the screen time | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -225,7 +225,7 @@ Specifies whether to show a user-configurable setting to control the screen time | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -252,7 +252,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [DeviceLock_AllowSimpleDevicePassword_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -279,7 +279,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -308,7 +308,7 @@ Determines the type of PIN or password required. This policy only applies if the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | | Dependency [DeviceLock_AlphanumericDevicePasswordRequired_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -336,7 +336,7 @@ Determines the type of PIN or password required. This policy only applies if the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -360,7 +360,7 @@ This security setting determines whether the operating system stores passwords u | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 0 | @@ -387,7 +387,7 @@ This security setting determines whether the operating system stores passwords u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -443,7 +443,7 @@ Specifies whether device lock is enabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -469,7 +469,7 @@ Specifies whether device lock is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -498,7 +498,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-730]` | | Default Value | 0 | @@ -517,7 +517,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -548,7 +548,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-50]` | | Default Value | 0 | @@ -567,7 +567,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -590,7 +590,7 @@ Specifies the default lock screen and logon image shown when no user is signed i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -606,7 +606,7 @@ Specifies the default lock screen and logon image shown when no user is signed i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -628,7 +628,7 @@ Specifies the default lock screen and logon image shown when no user is signed i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -644,7 +644,7 @@ Specifies the default lock screen and logon image shown when no user is signed i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -670,7 +670,7 @@ The number of authentication failures allowed before the device will be wiped. A | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-999]` | | Default Value | 0 | @@ -689,7 +689,7 @@ The number of authentication failures allowed before the device will be wiped. A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -715,7 +715,7 @@ This security setting determines the period of time (in days) that a password ca | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-999]` | | Default Value | 1 | @@ -742,7 +742,7 @@ This security setting determines the period of time (in days) that a password ca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -770,7 +770,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-999]` | | Default Value | 0 | @@ -789,7 +789,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -812,7 +812,7 @@ Sets the maximum timeout value for the external display. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-999]` | | Default Value | 0 | @@ -830,7 +830,7 @@ Sets the maximum timeout value for the external display. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -879,7 +879,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [DeviceLock_MinDevicePasswordComplexCharacters_DependencyGroup] | Dependency Type: `DependsOn DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled Device/Vendor/MSFT/Policy/Config/DeviceLock/AlphanumericDevicePasswordRequired`
Dependency Allowed Value: `[0] [0]`
Dependency Allowed Value Type: `Range Range`
| @@ -908,7 +908,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -937,7 +937,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[4-16]` | | Default Value | 4 | @@ -979,7 +979,7 @@ The following example shows how to set the minimum password length to 4 characte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1002,7 +1002,7 @@ This security setting determines the period of time (in days) that a password mu | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-998]` | | Default Value | 1 | @@ -1029,7 +1029,7 @@ This security setting determines the period of time (in days) that a password mu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1062,7 +1062,7 @@ Complexity requirements are enforced when passwords are changed or created. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -1089,7 +1089,7 @@ Complexity requirements are enforced when passwords are changed or created. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1116,7 +1116,7 @@ This security setting determines the number of unique new passwords that have to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-24]` | | Default Value | 24 | @@ -1143,7 +1143,7 @@ This security setting determines the number of unique new passwords that have to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1170,7 +1170,7 @@ If you enable this setting, users will no longer be able to enable or disable lo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1202,7 +1202,7 @@ If you enable this setting, users will no longer be able to enable or disable lo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1229,7 +1229,7 @@ If you enable this setting, users will no longer be able to modify slide show se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1261,7 +1261,7 @@ If you enable this setting, users will no longer be able to modify slide show se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1284,7 +1284,7 @@ Specifies whether to show a user-configurable setting to control the screen time | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[10-1800]` | | Default Value | 10 | diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 19f3a8b859..ea1b11491d 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -4,7 +4,7 @@ description: Learn more about the Display Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -61,7 +61,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -92,7 +92,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -144,7 +144,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -183,7 +183,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -218,7 +218,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -249,7 +249,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -289,7 +289,7 @@ If GDI DPI Scaling is configured to both turn-off and turn-on an application, th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -327,7 +327,7 @@ To validate on Desktop, do the following tasks: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -365,7 +365,7 @@ If GDI DPI Scaling is configured to both turn-off and turn-on an application, th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 5827ede22b..6249356995 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -54,7 +54,7 @@ This policy only takes effect when Kernel DMA Protection is supported and enable | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md index e5b3933b3c..26b2475e63 100644 --- a/windows/client-management/mdm/policy-csp-eap.md +++ b/windows/client-management/mdm/policy-csp-eap.md @@ -4,7 +4,7 @@ description: Learn more about the Eap Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -49,7 +49,7 @@ Added in Windows 10, version 21. H1. Allow or disallow use of TLS 1.3 during EAP | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 004ce690a4..69c684f79b 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -4,7 +4,7 @@ description: Learn more about the Education Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -52,7 +52,7 @@ This policy setting allows you to control whether graphing functionality is avai | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -92,7 +92,7 @@ This policy setting allows you to control whether graphing functionality is avai | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -116,7 +116,7 @@ The policy value is expected to be the name (network host name) of an installed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -132,7 +132,7 @@ The policy value is expected to be the name (network host name) of an installed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -158,7 +158,7 @@ This policy setting allows you to control whether EDU-specific theme packs are a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -184,7 +184,7 @@ This policy setting allows you to control whether EDU-specific theme packs are a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -207,7 +207,7 @@ This policy setting allows tenant to control whether to declare this OS as an ed | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -233,7 +233,7 @@ This policy setting allows tenant to control whether to declare this OS as an ed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -269,7 +269,7 @@ This setting does not delete printers that users have already added. However, if | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -309,7 +309,7 @@ This setting does not delete printers that users have already added. However, if | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -333,7 +333,7 @@ The policy value is expected to be a `````` separated list of printer na | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 4dcd8140d3..3e576c5845 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -4,7 +4,7 @@ description: Learn more about the EnterpriseCloudPrint Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -57,7 +57,7 @@ The default value is an empty string. Otherwise, the value should contain the UR | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -73,7 +73,7 @@ The default value is an empty string. Otherwise, the value should contain the UR | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -104,7 +104,7 @@ The default value is an empty string. Otherwise, the value should contain the UR | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -120,7 +120,7 @@ The default value is an empty string. Otherwise, the value should contain the UR | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -151,7 +151,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -167,7 +167,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -198,7 +198,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -214,7 +214,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -238,7 +238,7 @@ This policy must target ./User, otherwise it fails. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-65535]` | | Default Value | 20 | @@ -256,7 +256,7 @@ This policy must target ./User, otherwise it fails. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -286,7 +286,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index dba5efc34f..d5e7653b5e 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -65,7 +65,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -96,7 +96,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -123,7 +123,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ This policy setting turns off Windows Error Reporting, so that reports are not c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -186,7 +186,7 @@ See also the Configure Error Reporting policy setting. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -218,7 +218,7 @@ See also the Configure Error Reporting policy setting. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -245,7 +245,7 @@ This policy setting controls whether additional data in support of error reports | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -277,7 +277,7 @@ This policy setting controls whether additional data in support of error reports | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -304,7 +304,7 @@ This policy setting prevents the display of the user interface for critical erro | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 0d042d9a21..8fa6c8fcc7 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -58,7 +58,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -90,7 +90,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -117,7 +117,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -148,7 +148,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -175,7 +175,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -206,7 +206,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -233,7 +233,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 81806e561d..651623093f 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -55,7 +55,7 @@ Policy change takes effect immediately. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -105,7 +105,7 @@ Policy change takes effect immediately. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -128,7 +128,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -154,7 +154,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -182,7 +182,7 @@ When Cortana is off, users will still be able to use search to find things on th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -222,7 +222,7 @@ When Cortana is off, users will still be able to use search to find things on th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -245,7 +245,7 @@ Allows users to turn on/off device discovery UX. When set to 0 , the projection | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -271,7 +271,7 @@ Allows users to turn on/off device discovery UX. When set to 0 , the projection | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -298,7 +298,7 @@ When Find My Device is off, the device and its location are not registered and t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -338,7 +338,7 @@ When Find My Device is off, the device and its location are not registered and t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -364,7 +364,7 @@ Specifies whether to allow the user to delete the workplace account using the wo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -390,7 +390,7 @@ Specifies whether to allow the user to delete the workplace account using the wo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -413,7 +413,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -439,7 +439,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -462,7 +462,7 @@ Allow screen capture. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -491,7 +491,7 @@ Allow screen capture. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -514,7 +514,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -540,7 +540,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -563,7 +563,7 @@ Allow SIM error dialog prompts when no SIM is inserted. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -589,7 +589,7 @@ Allow SIM error dialog prompts when no SIM is inserted. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -619,7 +619,7 @@ The following list shows the supported values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -651,7 +651,7 @@ The following list shows the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -674,7 +674,7 @@ Allows or disallows all Windows sync settings on the device. For information abo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -700,7 +700,7 @@ Allows or disallows all Windows sync settings on the device. For information abo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -729,7 +729,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowTailoredExperiencesWithDiagnosticData_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -773,7 +773,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -796,7 +796,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -822,7 +822,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -845,7 +845,7 @@ Specifies whether to allow app and content suggestions from third-party software | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowThirdPartySuggestionsInWindowsSpotlight_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -889,7 +889,7 @@ Specifies whether to allow app and content suggestions from third-party software | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -912,7 +912,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -938,7 +938,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -961,7 +961,7 @@ Prior to Windows 10, version 1803, this policy had User scope. This policy allow | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowWindowsConsumerFeatures_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -1002,7 +1002,7 @@ Prior to Windows 10, version 1803, this policy had User scope. This policy allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1028,7 +1028,7 @@ Specifies whether to turn off all Windows spotlight features at once. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1068,7 +1068,7 @@ Specifies whether to turn off all Windows spotlight features at once. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1094,7 +1094,7 @@ This policy allows administrators to prevent Windows spotlight notifications fro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowWindowsSpotlightOnActionCenter_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -1135,7 +1135,7 @@ This policy allows administrators to prevent Windows spotlight notifications fro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1158,7 +1158,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1198,7 +1198,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1224,7 +1224,7 @@ This policy setting lets you turn off the Windows spotlight Windows welcome expe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowWindowsSpotlightWindowsWelcomeExperience_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -1265,7 +1265,7 @@ This policy setting lets you turn off the Windows spotlight Windows welcome expe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1288,7 +1288,7 @@ Enables or disables Windows Tips / soft landing. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_AllowWindowsTips_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -1332,7 +1332,7 @@ Enables or disables Windows Tips / soft landing. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1365,7 +1365,7 @@ This policy setting allows you to configure the Chat icon on the taskbar. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1407,7 +1407,7 @@ This policy setting allows you to configure the Chat icon on the taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1441,7 +1441,7 @@ Additionally, if you check the "Include content from Enterprise spotlight" check | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [Experience_ConfigureWindowsSpotlightOnLockScreen_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsSpotlight`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -1484,7 +1484,7 @@ Additionally, if you check the "Include content from Enterprise spotlight" check | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1511,7 +1511,7 @@ This policy setting lets you turn off cloud optimized content in all Windows exp | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1551,7 +1551,7 @@ This policy setting lets you turn off cloud optimized content in all Windows exp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1578,7 +1578,7 @@ This policy setting lets you turn off cloud consumer account state content in al | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1618,7 +1618,7 @@ This policy setting lets you turn off cloud consumer account state content in al | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1641,7 +1641,7 @@ Allows Text Translation feature to be enabled/disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1667,7 +1667,7 @@ Allows Text Translation feature to be enabled/disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1697,7 +1697,7 @@ This policy setting allows an organization to prevent its devices from showing f | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1737,7 +1737,7 @@ This policy setting allows an organization to prevent its devices from showing f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1767,7 +1767,7 @@ Related policy: [PreventUsersFromTurningOnBrowserSyncing](#preventusersfromturni | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1824,7 +1824,7 @@ _**Turn syncing off by default but don’t disable**_ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1847,7 +1847,7 @@ Organizational messages allow Administrators to deliver messages to their end us | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1873,7 +1873,7 @@ Organizational messages allow Administrators to deliver messages to their end us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1896,7 +1896,7 @@ By default, the "browser" group syncs automatically between the user's devices, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1956,7 +1956,7 @@ _**Prevent syncing of browser settings and let users turn on syncing**_ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1985,7 +1985,7 @@ Shows or hides lock from the user tile menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 8a44d2c7e1..9ad5c28623 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -4,7 +4,7 @@ description: Learn more about the ExploitGuard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -49,7 +49,7 @@ Enables the IT admin to push out a configuration representing the desired system | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-federatedauthentication.md b/windows/client-management/mdm/policy-csp-federatedauthentication.md index 85326a86f9..535a19e772 100644 --- a/windows/client-management/mdm/policy-csp-federatedauthentication.md +++ b/windows/client-management/mdm/policy-csp-federatedauthentication.md @@ -4,7 +4,7 @@ description: Learn more about the FederatedAuthentication Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -51,7 +51,7 @@ Specifies whether web-based sign-in is enabled with the Primary User experience. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 5ba1b3a809..eaae8b1034 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -55,7 +55,7 @@ When the Network folder is restricted, give the user the option to enumerate and | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -81,7 +81,7 @@ When the Network folder is restricted, give the user the option to enumerate and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -108,7 +108,7 @@ When This PC location is restricted, give the user the option to enumerate and n | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -134,7 +134,7 @@ When This PC location is restricted, give the user the option to enumerate and n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -157,7 +157,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -197,7 +197,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -224,7 +224,7 @@ A value that can represent one or more folder locations in File Explorer. If not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -254,7 +254,7 @@ A value that can represent one or more folder locations in File Explorer. If not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -281,7 +281,7 @@ A value that can represent one or more storage locations in File Explorer. If no | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -313,7 +313,7 @@ A value that can represent one or more storage locations in File Explorer. If no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -336,7 +336,7 @@ Disabling data execution prevention can allow certain legacy plug-in application | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -368,7 +368,7 @@ Disabling data execution prevention can allow certain legacy plug-in application | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -391,7 +391,7 @@ Disabling heap termination on corruption can allow certain legacy plug-in applic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index e27040ab3b..3cbb9c950a 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -4,7 +4,7 @@ description: Learn more about the Games Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -49,7 +49,7 @@ Specifies whether advanced gaming services can be used. These services may send | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 92691739f8..c32d17ab4f 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -4,7 +4,7 @@ description: Learn more about the Handwriting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -52,7 +52,7 @@ The docked mode is especially useful in Kiosk mode, where you don't expect the e | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index a7f792145a..8dd592ade3 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -51,7 +51,7 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -87,7 +87,7 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -110,7 +110,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -146,7 +146,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -169,7 +169,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -205,7 +205,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -228,7 +228,7 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -264,7 +264,7 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -288,7 +288,7 @@ This is a power saving feature that prolongs battery charge. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -328,7 +328,7 @@ This is a power saving feature that prolongs battery charge. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -351,7 +351,7 @@ Determines whether Lock on Leave is forced on/off by the MDM policy. The user wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -392,7 +392,7 @@ Determines whether Lock on Leave is forced on/off by the MDM policy. The user wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -415,7 +415,7 @@ Determines whether Wake On Arrival is forced on/off by the MDM policy. The user | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -456,7 +456,7 @@ Determines whether Wake On Arrival is forced on/off by the MDM policy. The user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -479,7 +479,7 @@ Determines the timeout for Lock on Leave forced by the MDM policy. The user will | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 9c07168c29..5d865bac55 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -62,7 +62,7 @@ This policy setting allows you to add a specific list of search providers to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -94,7 +94,7 @@ This policy setting allows you to add a specific list of search providers to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -125,7 +125,7 @@ This policy setting controls the ActiveX Filtering feature for websites that are | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -157,7 +157,7 @@ This policy setting controls the ActiveX Filtering feature for websites that are | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -194,7 +194,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -226,7 +226,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -255,7 +255,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -287,7 +287,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -318,7 +318,7 @@ This policy setting allows you to turn on the certificate address mismatch secur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -350,7 +350,7 @@ This policy setting allows you to turn on the certificate address mismatch secur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -385,7 +385,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -417,7 +417,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -450,7 +450,7 @@ Enhanced Protected Mode provides additional protection against malicious website | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -482,7 +482,7 @@ Enhanced Protected Mode provides additional protection against malicious website | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -515,7 +515,7 @@ This policy setting allows Internet Explorer to provide enhanced suggestions as | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -547,7 +547,7 @@ This policy setting allows Internet Explorer to provide enhanced suggestions as | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -578,7 +578,7 @@ If you disable or don't configure this policy setting, the menu option won't app | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -609,7 +609,7 @@ If you disable or don't configure this policy setting, the menu option won't app | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -640,7 +640,7 @@ This policy setting lets you specify where to find the list of websites you want | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -671,7 +671,7 @@ This policy setting lets you specify where to find the list of websites you want | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -700,7 +700,7 @@ If you disable this policy, system defaults will be used. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -731,7 +731,7 @@ If you disable this policy, system defaults will be used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -762,7 +762,7 @@ This policy setting allows you to add specific sites that must be viewed in Inte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -793,7 +793,7 @@ This policy setting allows you to add specific sites that must be viewed in Inte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -826,7 +826,7 @@ This policy setting controls how Internet Explorer displays local intranet conte | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -858,7 +858,7 @@ This policy setting controls how Internet Explorer displays local intranet conte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -895,7 +895,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -927,7 +927,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -964,7 +964,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -996,7 +996,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1033,7 +1033,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1065,7 +1065,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1102,7 +1102,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1134,7 +1134,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1171,7 +1171,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1203,7 +1203,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1240,7 +1240,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1272,7 +1272,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1309,7 +1309,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1341,7 +1341,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1372,7 +1372,7 @@ This policy allows the user to go directly to an intranet site for a one-word en | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1404,7 +1404,7 @@ This policy allows the user to go directly to an intranet site for a one-word en | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later
✅ Windows 10, version 1903 [10.0.18362.1350] and later
✅ Windows 10, version 2004 [10.0.19041.789] and later | @@ -1437,7 +1437,7 @@ For more information, see | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1483,7 +1483,7 @@ For more information, see | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1522,7 +1522,7 @@ Value - A number indicating the zone with which this site should be associated f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1580,7 +1580,7 @@ Value and index pairs in the SyncML example: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1617,7 +1617,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1649,7 +1649,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1682,7 +1682,7 @@ This policy setting allows you to manage whether software, such as ActiveX contr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1714,7 +1714,7 @@ This policy setting allows you to manage whether software, such as ActiveX contr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1751,7 +1751,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1783,7 +1783,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1816,7 +1816,7 @@ This policy setting controls the Suggested Sites feature, which recommends websi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1848,7 +1848,7 @@ This policy setting controls the Suggested Sites feature, which recommends websi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1885,7 +1885,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1917,7 +1917,7 @@ Note. It is recommended to configure template policy settings in one Group Polic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1950,7 +1950,7 @@ This policy setting allows you to manage whether Internet Explorer will check re | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1982,7 +1982,7 @@ This policy setting allows you to manage whether Internet Explorer will check re | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2015,7 +2015,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2047,7 +2047,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later
✅ Windows 10, version 1903 [10.0.18362.1350] and later
✅ Windows 10, version 2004 [10.0.19041.789] and later | @@ -2095,7 +2095,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2333,7 +2333,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2368,7 +2368,7 @@ This policy setting determines whether Internet Explorer requires that all file- | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2399,7 +2399,7 @@ This policy setting determines whether Internet Explorer requires that all file- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2428,7 +2428,7 @@ For more information, see "Out-of-date ActiveX control blocking" in the Internet | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2460,7 +2460,7 @@ For more information, see "Out-of-date ActiveX control blocking" in the Internet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2491,7 +2491,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2523,7 +2523,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2554,7 +2554,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2586,7 +2586,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2617,7 +2617,7 @@ This policy setting controls the Compatibility View feature, which allows the us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2649,7 +2649,7 @@ This policy setting controls the Compatibility View feature, which allows the us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2680,7 +2680,7 @@ This setting specifies the number of days that Internet Explorer tracks views of | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2712,7 +2712,7 @@ This setting specifies the number of days that Internet Explorer tracks views of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2743,7 +2743,7 @@ This policy setting allows you to manage the crash detection feature of add-on M | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2775,7 +2775,7 @@ This policy setting allows you to manage the crash detection feature of add-on M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2808,7 +2808,7 @@ This policy setting prevents the user from participating in the Customer Experie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2840,7 +2840,7 @@ This policy setting prevents the user from participating in the Customer Experie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2875,7 +2875,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2907,7 +2907,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2938,7 +2938,7 @@ This policy setting prevents the user from having enclosures (file attachments) | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2970,7 +2970,7 @@ This policy setting prevents the user from having enclosures (file attachments) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3004,7 +3004,7 @@ This policy setting allows you to turn off support for Transport Layer Security | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3035,7 +3035,7 @@ This policy setting allows you to turn off support for Transport Layer Security | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -3066,7 +3066,7 @@ This policy setting controls whether to have background synchronization for feed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3098,7 +3098,7 @@ This policy setting controls whether to have background synchronization for feed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3134,7 +3134,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3165,7 +3165,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3200,7 +3200,7 @@ Microsoft collects your browsing history to improve how flip ahead with page pre | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3232,7 +3232,7 @@ Microsoft collects your browsing history to improve how flip ahead with page pre | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -3265,7 +3265,7 @@ This policy setting allows you to disable browser geolocation support. This will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3297,7 +3297,7 @@ This policy setting allows you to disable browser geolocation support. This will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3324,7 +3324,7 @@ The Home page specified on the General tab of the Internet Options dialog box is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3356,7 +3356,7 @@ The Home page specified on the General tab of the Internet Options dialog box is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1060] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.3460] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2060] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1030] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1060] and later
✅ Windows 10, version 1809 [10.0.17763.3460] and later
✅ Windows 10, version 2004 [10.0.19041.2060] and later
✅ Windows 11, version 21H2 [10.0.22000.1030] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3387,7 +3387,7 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3419,7 +3419,7 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3450,7 +3450,7 @@ This policy setting prevents the user from ignoring Secure Sockets Layer/Transpo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3482,7 +3482,7 @@ This policy setting prevents the user from ignoring Secure Sockets Layer/Transpo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3517,7 +3517,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3549,7 +3549,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later
✅ Windows 10, version 1903 [10.0.18362.1350] and later
✅ Windows 10, version 2004 [10.0.19041.789] and later | @@ -3588,7 +3588,7 @@ If you disable, or don't configure this policy, all sites are opened using the c | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3642,7 +3642,7 @@ If you disable, or don't configure this policy, all sites are opened using the c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3678,7 +3678,7 @@ This policy setting determines whether Internet Explorer 11 uses 64-bit processe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3710,7 +3710,7 @@ This policy setting determines whether Internet Explorer 11 uses 64-bit processe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3741,7 +3741,7 @@ This policy setting specifies if a user can change proxy settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3773,7 +3773,7 @@ This policy setting specifies if a user can change proxy settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3804,7 +3804,7 @@ This policy setting prevents the user from changing the default search provider | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3836,7 +3836,7 @@ This policy setting prevents the user from changing the default search provider | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3870,7 +3870,7 @@ Secondary home pages are the default Web pages that Internet Explorer loads in s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3901,7 +3901,7 @@ Secondary home pages are the default Web pages that Internet Explorer loads in s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3932,7 +3932,7 @@ This policy setting turns off the Security Settings Check feature, which checks | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3964,7 +3964,7 @@ This policy setting turns off the Security Settings Check feature, which checks | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3993,7 +3993,7 @@ This policy is intended to help the administrator maintain version control for I | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4025,7 +4025,7 @@ This policy is intended to help the administrator maintain version control for I | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -4058,7 +4058,7 @@ This AutoComplete feature suggests possible matches when users are entering Web | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4090,7 +4090,7 @@ This AutoComplete feature suggests possible matches when users are entering Web | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4125,7 +4125,7 @@ When Enhanced Protected Mode is enabled, and a user encounters a website that at | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4157,7 +4157,7 @@ When Enhanced Protected Mode is enabled, and a user encounters a website that at | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4191,7 +4191,7 @@ Also, see the "Security zones: Use only machine settings" policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4223,7 +4223,7 @@ Also, see the "Security zones: Use only machine settings" policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4257,7 +4257,7 @@ Also, see the "Security zones: Use only machine settings" policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4289,7 +4289,7 @@ Also, see the "Security zones: Use only machine settings" policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4322,7 +4322,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4354,7 +4354,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4392,7 +4392,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4424,7 +4424,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.143] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1474] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.143] and later
✅ Windows 10, version 1903 [10.0.18362.1474] and later
✅ Windows 10, version 2004 [10.0.19041.906] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4457,7 +4457,7 @@ For more information, see | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4489,7 +4489,7 @@ For more information, see | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.558] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1566] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.558] and later
✅ Windows 10, version 2004 [10.0.19041.1566] and later
✅ Windows 11, version 21H2 [10.0.22000.527] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -4524,7 +4524,7 @@ To learn more about disabling Internet Explorer 11 as a standalone browser, see | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4556,7 +4556,7 @@ To learn more about disabling Internet Explorer 11 as a standalone browser, see | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4589,7 +4589,7 @@ This policy setting controls whether local sites which are not explicitly mapped | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4621,7 +4621,7 @@ This policy setting controls whether local sites which are not explicitly mapped | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4654,7 +4654,7 @@ This policy setting controls whether URLs representing UNCs are mapped into the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4686,7 +4686,7 @@ This policy setting controls whether URLs representing UNCs are mapped into the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4719,7 +4719,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4750,7 +4750,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4783,7 +4783,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4814,7 +4814,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4845,7 +4845,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4876,7 +4876,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4911,7 +4911,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4942,7 +4942,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -4975,7 +4975,7 @@ This policy setting allows you to manage whether users can drag files or copy an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5006,7 +5006,7 @@ This policy setting allows you to manage whether users can drag files or copy an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5041,7 +5041,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5072,7 +5072,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5105,7 +5105,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5136,7 +5136,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5169,7 +5169,7 @@ This policy setting allows you to manage the loading of Extensible Application M | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5200,7 +5200,7 @@ This policy setting allows you to manage the loading of Extensible Application M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5233,7 +5233,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5264,7 +5264,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5295,7 +5295,7 @@ This policy setting controls whether or not the user is prompted to allow Active | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5326,7 +5326,7 @@ This policy setting controls whether or not the user is prompted to allow Active | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5357,7 +5357,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5388,7 +5388,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5421,7 +5421,7 @@ This policy setting determines whether a page can control embedded WebBrowser co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5452,7 +5452,7 @@ This policy setting determines whether a page can control embedded WebBrowser co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5485,7 +5485,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5516,7 +5516,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5549,7 +5549,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5580,7 +5580,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5616,7 +5616,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5647,7 +5647,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5678,7 +5678,7 @@ This policy setting allows you to manage whether script is allowed to update the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5709,7 +5709,7 @@ This policy setting allows you to manage whether script is allowed to update the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5742,7 +5742,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5773,7 +5773,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -5808,7 +5808,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5839,7 +5839,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5872,7 +5872,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5903,7 +5903,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -5936,7 +5936,7 @@ This policy setting allows you to manage whether users may download signed Activ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5967,7 +5967,7 @@ This policy setting allows you to manage whether users may download signed Activ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6000,7 +6000,7 @@ This policy setting allows you to manage whether users may download unsigned Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6031,7 +6031,7 @@ This policy setting allows you to manage whether users may download unsigned Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6062,7 +6062,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6093,7 +6093,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6128,7 +6128,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6159,7 +6159,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6194,7 +6194,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6225,7 +6225,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6258,7 +6258,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6289,7 +6289,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6322,7 +6322,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6353,7 +6353,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6386,7 +6386,7 @@ This policy setting controls whether or not local path information is sent when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6417,7 +6417,7 @@ This policy setting controls whether or not local path information is sent when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6452,7 +6452,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6483,7 +6483,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6522,7 +6522,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6553,7 +6553,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6586,7 +6586,7 @@ This policy setting allows you to manage whether applications may be run and fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6617,7 +6617,7 @@ This policy setting allows you to manage whether applications may be run and fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6658,7 +6658,7 @@ Automatic logon with current user name and password to attempt logon using Windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6689,7 +6689,7 @@ Automatic logon with current user name and password to attempt logon using Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6722,7 +6722,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6753,7 +6753,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6786,7 +6786,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6817,7 +6817,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6850,7 +6850,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6881,7 +6881,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6914,7 +6914,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6945,7 +6945,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6978,7 +6978,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7009,7 +7009,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7042,7 +7042,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7073,7 +7073,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7104,7 +7104,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7135,7 +7135,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7170,7 +7170,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7201,7 +7201,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7234,7 +7234,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7265,7 +7265,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7298,7 +7298,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7329,7 +7329,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7362,7 +7362,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7393,7 +7393,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7429,7 +7429,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7460,7 +7460,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7493,7 +7493,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7524,7 +7524,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -7557,7 +7557,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7588,7 +7588,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7623,7 +7623,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7654,7 +7654,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -7693,7 +7693,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7724,7 +7724,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7757,7 +7757,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7788,7 +7788,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7821,7 +7821,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7853,7 +7853,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later
✅ Windows 10, version 1903 [10.0.18362.1350] and later
✅ Windows 10, version 2004 [10.0.19041.789] and later | @@ -7893,7 +7893,7 @@ For more info about how to use this policy together with other related policies | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7948,7 +7948,7 @@ For more info about how to use this policy together with other related policies | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -7981,7 +7981,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8012,7 +8012,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8045,7 +8045,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8076,7 +8076,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8107,7 +8107,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8138,7 +8138,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8173,7 +8173,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8204,7 +8204,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8237,7 +8237,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8268,7 +8268,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8301,7 +8301,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8332,7 +8332,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8365,7 +8365,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8396,7 +8396,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8432,7 +8432,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8463,7 +8463,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8496,7 +8496,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8527,7 +8527,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -8560,7 +8560,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8591,7 +8591,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8626,7 +8626,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8657,7 +8657,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -8696,7 +8696,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8727,7 +8727,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8760,7 +8760,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8791,7 +8791,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8824,7 +8824,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8855,7 +8855,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8888,7 +8888,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8919,7 +8919,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -8950,7 +8950,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8981,7 +8981,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9016,7 +9016,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9047,7 +9047,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9080,7 +9080,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9111,7 +9111,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9144,7 +9144,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9175,7 +9175,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9208,7 +9208,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9239,7 +9239,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9275,7 +9275,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9306,7 +9306,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9339,7 +9339,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9370,7 +9370,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9405,7 +9405,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9436,7 +9436,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -9475,7 +9475,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9506,7 +9506,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9539,7 +9539,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9570,7 +9570,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -9609,7 +9609,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9640,7 +9640,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9673,7 +9673,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9704,7 +9704,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9737,7 +9737,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9768,7 +9768,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9799,7 +9799,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9830,7 +9830,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9865,7 +9865,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9896,7 +9896,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9929,7 +9929,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -9960,7 +9960,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -9993,7 +9993,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10024,7 +10024,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10057,7 +10057,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10088,7 +10088,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10124,7 +10124,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10155,7 +10155,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10188,7 +10188,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10219,7 +10219,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10254,7 +10254,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10285,7 +10285,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10318,7 +10318,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10349,7 +10349,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10382,7 +10382,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10413,7 +10413,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10446,7 +10446,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10477,7 +10477,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10508,7 +10508,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10539,7 +10539,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10574,7 +10574,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10605,7 +10605,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10638,7 +10638,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10669,7 +10669,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10702,7 +10702,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10733,7 +10733,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10766,7 +10766,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10797,7 +10797,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10833,7 +10833,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10864,7 +10864,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10897,7 +10897,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10928,7 +10928,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -10963,7 +10963,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -10994,7 +10994,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -11033,7 +11033,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11064,7 +11064,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11097,7 +11097,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11128,7 +11128,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11161,7 +11161,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11192,7 +11192,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11225,7 +11225,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11256,7 +11256,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11287,7 +11287,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11318,7 +11318,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11353,7 +11353,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11384,7 +11384,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11417,7 +11417,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11448,7 +11448,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11481,7 +11481,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11512,7 +11512,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11545,7 +11545,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11576,7 +11576,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11612,7 +11612,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11643,7 +11643,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11676,7 +11676,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11707,7 +11707,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11742,7 +11742,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11773,7 +11773,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -11812,7 +11812,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11843,7 +11843,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11876,7 +11876,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11907,7 +11907,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -11940,7 +11940,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -11971,7 +11971,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12004,7 +12004,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12035,7 +12035,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12066,7 +12066,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12097,7 +12097,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12132,7 +12132,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12163,7 +12163,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12196,7 +12196,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12227,7 +12227,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12260,7 +12260,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12291,7 +12291,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12324,7 +12324,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12355,7 +12355,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12391,7 +12391,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12422,7 +12422,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12455,7 +12455,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12486,7 +12486,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12521,7 +12521,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12552,7 +12552,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -12591,7 +12591,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12622,7 +12622,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -12655,7 +12655,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12686,7 +12686,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -12719,7 +12719,7 @@ This policy setting determines whether Internet Explorer MIME sniffing will prev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12750,7 +12750,7 @@ This policy setting determines whether Internet Explorer MIME sniffing will prev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -12783,7 +12783,7 @@ The MK Protocol Security Restriction policy setting reduces attack surface area | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12814,7 +12814,7 @@ The MK Protocol Security Restriction policy setting reduces attack surface area | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -12845,7 +12845,7 @@ This policy setting allows you to specify what is displayed when the user opens | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12876,7 +12876,7 @@ This policy setting allows you to specify what is displayed when the user opens | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -12909,7 +12909,7 @@ This policy setting allows you to manage whether the Notification bar is display | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -12940,7 +12940,7 @@ This policy setting allows you to manage whether the Notification bar is display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -12971,7 +12971,7 @@ This policy setting prevents the user from managing SmartScreen Filter, which wa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13002,7 +13002,7 @@ This policy setting prevents the user from managing SmartScreen Filter, which wa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13033,7 +13033,7 @@ This policy setting allows you to prevent the installation of ActiveX controls o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13065,7 +13065,7 @@ This policy setting allows you to prevent the installation of ActiveX controls o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13098,7 +13098,7 @@ Internet Explorer places restrictions on each Web page it opens. The restriction | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13129,7 +13129,7 @@ Internet Explorer places restrictions on each Web page it opens. The restriction | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13162,7 +13162,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13194,7 +13194,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.261] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1832] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1266] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.282] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.261] and later
✅ Windows 10, version 1903 [10.0.18362.1832] and later
✅ Windows 10, version 2004 [10.0.19041.1266] and later
✅ Windows 11, version 21H2 [10.0.22000.282] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -13227,7 +13227,7 @@ For more information, see | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13259,7 +13259,7 @@ For more information, see | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13292,7 +13292,7 @@ This policy setting enables blocking of ActiveX control installation prompts for | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13323,7 +13323,7 @@ This policy setting enables blocking of ActiveX control installation prompts for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -13356,7 +13356,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13387,7 +13387,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13420,7 +13420,7 @@ This policy setting allows you to manage whether script code on pages in the zon | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13451,7 +13451,7 @@ This policy setting allows you to manage whether script code on pages in the zon | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -13484,7 +13484,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13515,7 +13515,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -13546,7 +13546,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13577,7 +13577,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13610,7 +13610,7 @@ This policy setting allows you to manage dynamic binary and script behaviors: co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13641,7 +13641,7 @@ This policy setting allows you to manage dynamic binary and script behaviors: co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13676,7 +13676,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13707,7 +13707,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13740,7 +13740,7 @@ This policy setting allows you to manage whether users can drag files or copy an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13771,7 +13771,7 @@ This policy setting allows you to manage whether users can drag files or copy an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13804,7 +13804,7 @@ This policy setting allows you to manage whether file downloads are permitted fr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13835,7 +13835,7 @@ This policy setting allows you to manage whether file downloads are permitted fr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -13870,7 +13870,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13901,7 +13901,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -13934,7 +13934,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -13965,7 +13965,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -13998,7 +13998,7 @@ This policy setting allows you to manage the loading of Extensible Application M | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14029,7 +14029,7 @@ This policy setting allows you to manage the loading of Extensible Application M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14062,7 +14062,7 @@ This policy setting allows you to manage whether a user's browser can be redirec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14093,7 +14093,7 @@ This policy setting allows you to manage whether a user's browser can be redirec | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -14126,7 +14126,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14157,7 +14157,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14188,7 +14188,7 @@ This policy setting controls whether or not the user is prompted to allow Active | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14219,7 +14219,7 @@ This policy setting controls whether or not the user is prompted to allow Active | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14250,7 +14250,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14281,7 +14281,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14314,7 +14314,7 @@ This policy setting determines whether a page can control embedded WebBrowser co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14345,7 +14345,7 @@ This policy setting determines whether a page can control embedded WebBrowser co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14378,7 +14378,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14409,7 +14409,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -14442,7 +14442,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14473,7 +14473,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -14509,7 +14509,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14540,7 +14540,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14571,7 +14571,7 @@ This policy setting allows you to manage whether script is allowed to update the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14602,7 +14602,7 @@ This policy setting allows you to manage whether script is allowed to update the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -14635,7 +14635,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14666,7 +14666,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -14701,7 +14701,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14732,7 +14732,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14765,7 +14765,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14796,7 +14796,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14829,7 +14829,7 @@ This policy setting allows you to manage whether users may download signed Activ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14860,7 +14860,7 @@ This policy setting allows you to manage whether users may download signed Activ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14893,7 +14893,7 @@ This policy setting allows you to manage whether users may download unsigned Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14924,7 +14924,7 @@ This policy setting allows you to manage whether users may download unsigned Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -14955,7 +14955,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -14986,7 +14986,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15021,7 +15021,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15052,7 +15052,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15087,7 +15087,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15118,7 +15118,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15151,7 +15151,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15182,7 +15182,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15215,7 +15215,7 @@ This policy setting controls whether or not local path information is sent when | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15246,7 +15246,7 @@ This policy setting controls whether or not local path information is sent when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -15281,7 +15281,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15312,7 +15312,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15351,7 +15351,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15382,7 +15382,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15415,7 +15415,7 @@ This policy setting allows you to manage whether applications may be run and fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15446,7 +15446,7 @@ This policy setting allows you to manage whether applications may be run and fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15487,7 +15487,7 @@ Automatic logon with current user name and password to attempt logon using Windo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15518,7 +15518,7 @@ Automatic logon with current user name and password to attempt logon using Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -15551,7 +15551,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15582,7 +15582,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15617,7 +15617,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15648,7 +15648,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15681,7 +15681,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15712,7 +15712,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15747,7 +15747,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15778,7 +15778,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15813,7 +15813,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15844,7 +15844,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15877,7 +15877,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15908,7 +15908,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -15941,7 +15941,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -15972,7 +15972,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -16005,7 +16005,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16036,7 +16036,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -16069,7 +16069,7 @@ This policy setting enables blocking of file download prompts that are not user | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16100,7 +16100,7 @@ This policy setting enables blocking of file download prompts that are not user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -16133,7 +16133,7 @@ Internet Explorer allows scripts to programmatically open, resize, and repositio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16164,7 +16164,7 @@ Internet Explorer allows scripts to programmatically open, resize, and repositio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16198,7 +16198,7 @@ This policy setting allows you to restrict the search providers that appear in t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16230,7 +16230,7 @@ This policy setting allows you to restrict the search providers that appear in t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -16261,7 +16261,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16293,7 +16293,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348] and later
✅ Windows 10, version 1903 [10.0.18362.1350] and later
✅ Windows 10, version 2004 [10.0.19041.789] and later | @@ -16329,7 +16329,7 @@ Disabling, or not configuring this setting, opens all sites based on the current | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16384,7 +16384,7 @@ Disabling, or not configuring this setting, opens all sites based on the current | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -16415,7 +16415,7 @@ This policy setting allows you to specify how ActiveX controls are installed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16447,7 +16447,7 @@ This policy setting allows you to specify how ActiveX controls are installed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16480,7 +16480,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16511,7 +16511,7 @@ This policy setting allows you to manage whether Internet Explorer can access da | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16544,7 +16544,7 @@ This policy setting manages whether users will be automatically prompted for Act | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16575,7 +16575,7 @@ This policy setting manages whether users will be automatically prompted for Act | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16606,7 +16606,7 @@ This policy setting determines whether users will be prompted for non user-initi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16637,7 +16637,7 @@ This policy setting determines whether users will be prompted for non user-initi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16672,7 +16672,7 @@ This policy setting allows you to manage whether pages of the zone may download | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16703,7 +16703,7 @@ This policy setting allows you to manage whether pages of the zone may download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16736,7 +16736,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16767,7 +16767,7 @@ This policy setting allows you to manage whether Web sites from less privileged | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16800,7 +16800,7 @@ This policy setting allows you to manage whether . NET Framework components that | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16831,7 +16831,7 @@ This policy setting allows you to manage whether . NET Framework components that | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16864,7 +16864,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16895,7 +16895,7 @@ This policy setting allows you to manage whether the user can run scriptlets. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16931,7 +16931,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -16962,7 +16962,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -16995,7 +16995,7 @@ This policy setting allows you to manage the preservation of information in the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -17026,7 +17026,7 @@ This policy setting allows you to manage the preservation of information in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -17059,7 +17059,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -17090,7 +17090,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -17125,7 +17125,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -17156,7 +17156,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -17195,7 +17195,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -17226,7 +17226,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -17259,7 +17259,7 @@ This policy setting allows you to manage the opening of windows and frames and a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 2083db2928..013665a0e7 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -55,7 +55,7 @@ This policy setting defines the list of trusting forests that the Kerberos clien | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting defines the list of trusting forests that the Kerberos clien | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -114,7 +114,7 @@ This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Tick | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -154,7 +154,7 @@ This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Tick | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -181,7 +181,7 @@ This policy setting controls whether a device will request claims and compound a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -213,7 +213,7 @@ This policy setting controls whether a device will request claims and compound a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -250,7 +250,7 @@ Events generated by this configuration: 205, 206, 207, 208. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -290,7 +290,7 @@ Events generated by this configuration: 205, 206, 207, 208. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -320,7 +320,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -363,7 +363,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -393,7 +393,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -436,7 +436,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -466,7 +466,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -509,7 +509,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -539,7 +539,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | | Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| @@ -582,7 +582,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -615,7 +615,7 @@ This policy setting controls whether a computer requires that Kerberos message e | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -647,7 +647,7 @@ This policy setting controls whether a computer requires that Kerberos message e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -674,7 +674,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -706,7 +706,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -738,7 +738,7 @@ The size of the context token buffer determines the maximum size of SSPI context | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -770,7 +770,7 @@ The size of the context token buffer determines the maximum size of SSPI context | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -794,7 +794,7 @@ This parameter adds a list of domains that an Azure Active Directory joined devi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index cffc594e00..f63c4c1992 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -4,7 +4,7 @@ description: Learn more about the KioskBrowser Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -55,7 +55,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -72,7 +72,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -101,7 +101,7 @@ List of blocked website URLs (with wildcard support). This is used to configure | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -118,7 +118,7 @@ List of blocked website URLs (with wildcard support). This is used to configure | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -147,7 +147,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -163,7 +163,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -191,7 +191,7 @@ When the policy is enabled, the Kiosk Browser app shows a button to reset the br | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -217,7 +217,7 @@ When the policy is enabled, the Kiosk Browser app shows a button to reset the br | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -246,7 +246,7 @@ Enable/disable kiosk browser's home button. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -272,7 +272,7 @@ Enable/disable kiosk browser's home button. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -301,7 +301,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back). | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -327,7 +327,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -358,7 +358,7 @@ The value is an int 1-1440 that specifies the number of minutes the session is i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-1440]` | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index eeb195ac8a..c508f0c37a 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -4,7 +4,7 @@ description: Learn more about the LanmanWorkstation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -55,7 +55,7 @@ Insecure guest logons are used by file servers to allow unauthenticated access t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 21a0f1510f..e7688d4418 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -54,7 +54,7 @@ Policy Options: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -94,7 +94,7 @@ Policy Options: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -123,7 +123,7 @@ Policy Options: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 8c594a8378..f739324c11 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -53,7 +53,7 @@ This policy setting prevents users from adding new Microsoft accounts on this co | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -89,7 +89,7 @@ This policy setting prevents users from adding new Microsoft accounts on this co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -115,7 +115,7 @@ This security setting determines whether the local Administrator account is enab | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -150,7 +150,7 @@ This security setting determines whether the local Administrator account is enab | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -176,7 +176,7 @@ This security setting determines if the Guest account is enabled or disabled. De | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -211,7 +211,7 @@ This security setting determines if the Guest account is enabled or disabled. De | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -240,7 +240,7 @@ Accounts: Limit local account use of blank passwords to console logon only This | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -275,7 +275,7 @@ Accounts: Limit local account use of blank passwords to console logon only This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -298,7 +298,7 @@ Accounts: Rename administrator account This security setting determines whether | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Administrator | @@ -324,7 +324,7 @@ Accounts: Rename administrator account This security setting determines whether | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -347,7 +347,7 @@ Accounts: Rename guest account This security setting determines whether a differ | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Guest | @@ -373,7 +373,7 @@ Accounts: Rename guest account This security setting determines whether a differ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -396,7 +396,7 @@ Devices: Allowed to format and eject removable media This security setting deter | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -422,7 +422,7 @@ Devices: Allowed to format and eject removable media This security setting deter | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -448,7 +448,7 @@ Devices: Allow undock without having to log on This security setting determines | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -483,7 +483,7 @@ Devices: Allow undock without having to log on This security setting determines | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -509,7 +509,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -544,7 +544,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -567,7 +567,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -593,7 +593,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -616,7 +616,7 @@ Interactive Logon:Display user information when the session is locked User displ | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -653,7 +653,7 @@ Interactive Logon:Display user information when the session is locked User displ | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -676,7 +676,7 @@ Interactive logon: Don't display last signed-in This security setting determines | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -711,7 +711,7 @@ Interactive logon: Don't display last signed-in This security setting determines | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -734,7 +734,7 @@ Interactive logon: Don't display username at sign-in This security setting deter | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -769,7 +769,7 @@ Interactive logon: Don't display username at sign-in This security setting deter | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -792,7 +792,7 @@ Interactive logon: Do not require CTRL+ALT+DEL This security setting determines | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -827,7 +827,7 @@ Interactive logon: Do not require CTRL+ALT+DEL This security setting determines | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -850,7 +850,7 @@ Interactive logon: Machine inactivity limit. Windows notices inactivity of a log | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-599940]` | | Default Value | 0 | @@ -880,7 +880,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -903,7 +903,7 @@ Interactive logon: Message text for users attempting to log on This security set | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -929,7 +929,7 @@ Interactive logon: Message text for users attempting to log on This security set | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -952,7 +952,7 @@ Interactive logon: Message title for users attempting to log on This security se | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -977,7 +977,7 @@ Interactive logon: Message title for users attempting to log on This security se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1003,7 +1003,7 @@ Interactive logon: Smart card removal behavior This security setting determines | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1040,7 +1040,7 @@ Interactive logon: Smart card removal behavior This security setting determines | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1072,7 +1072,7 @@ Microsoft network client: Digitally sign communications (always) This security s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1107,7 +1107,7 @@ Microsoft network client: Digitally sign communications (always) This security s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1136,7 +1136,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1171,7 +1171,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1194,7 +1194,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1229,7 +1229,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1261,7 +1261,7 @@ Microsoft network server: Digitally sign communications (always) This security s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1296,7 +1296,7 @@ Microsoft network server: Digitally sign communications (always) This security s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1325,7 +1325,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1360,7 +1360,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1385,7 +1385,7 @@ Network access: Allow anonymous SID/name translation This policy setting determi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1420,7 +1420,7 @@ Network access: Allow anonymous SID/name translation This policy setting determi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1446,7 +1446,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts This security | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1481,7 +1481,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts This security | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1504,7 +1504,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts and shares Th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1539,7 +1539,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts and shares Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1562,7 +1562,7 @@ Network access: Restrict anonymous access to Named Pipes and Shares When enabled | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1597,7 +1597,7 @@ Network access: Restrict anonymous access to Named Pipes and Shares When enabled | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1620,7 +1620,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1645,7 +1645,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1676,7 +1676,7 @@ Network security: Allow Local System to use computer identity for NTLM This poli | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1711,7 +1711,7 @@ Network security: Allow Local System to use computer identity for NTLM This poli | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1734,7 +1734,7 @@ Network security: Allow PKU2U authentication requests to this computer to use on | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1772,7 +1772,7 @@ Network security: Allow PKU2U authentication requests to this computer to use on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1798,7 +1798,7 @@ Network security: Do not store LAN Manager hash value on next password change Th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1833,7 +1833,7 @@ Network security: Do not store LAN Manager hash value on next password change Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1859,7 +1859,7 @@ Network security: Force logoff when logon hours expire This security setting det | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1894,7 +1894,7 @@ Network security: Force logoff when logon hours expire This security setting det | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1920,7 +1920,7 @@ Network security LAN Manager authentication level This security setting determin | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -1959,7 +1959,7 @@ Network security LAN Manager authentication level This security setting determin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1982,7 +1982,7 @@ Network security: Minimum session security for NTLM SSP based (including secure | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 536870912 | @@ -2019,7 +2019,7 @@ Network security: Minimum session security for NTLM SSP based (including secure | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2042,7 +2042,7 @@ Network security: Minimum session security for NTLM SSP based (including secure | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 536870912 | @@ -2079,7 +2079,7 @@ Network security: Minimum session security for NTLM SSP based (including secure | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2104,7 +2104,7 @@ Network security: Restrict NTLM: Add remote server exceptions for NTLM authentic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -2130,7 +2130,7 @@ Network security: Restrict NTLM: Add remote server exceptions for NTLM authentic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2156,7 +2156,7 @@ Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2192,7 +2192,7 @@ Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2218,7 +2218,7 @@ Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allow | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2254,7 +2254,7 @@ Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allow | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2280,7 +2280,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2316,7 +2316,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2339,7 +2339,7 @@ Shutdown: Allow system to be shut down without having to log on This security se | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2374,7 +2374,7 @@ Shutdown: Allow system to be shut down without having to log on This security se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2397,7 +2397,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2432,7 +2432,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2455,7 +2455,7 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2490,7 +2490,7 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2516,7 +2516,7 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 5 | @@ -2555,7 +2555,7 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2578,7 +2578,7 @@ User Account Control: Behavior of the elevation prompt for standard users This p | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -2614,7 +2614,7 @@ User Account Control: Behavior of the elevation prompt for standard users This p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2637,7 +2637,7 @@ User Account Control: Detect application installations and prompt for elevation | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2672,7 +2672,7 @@ User Account Control: Detect application installations and prompt for elevation | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2695,7 +2695,7 @@ User Account Control: Only elevate executable files that are signed and validate | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2730,7 +2730,7 @@ User Account Control: Only elevate executable files that are signed and validate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2753,7 +2753,7 @@ User Account Control: Only elevate UIAccess applications that are installed in s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2788,7 +2788,7 @@ User Account Control: Only elevate UIAccess applications that are installed in s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2814,7 +2814,7 @@ User Account Control: Turn on Admin Approval Mode This policy setting controls t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2849,7 +2849,7 @@ User Account Control: Turn on Admin Approval Mode This policy setting controls t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2872,7 +2872,7 @@ User Account Control: Switch to the secure desktop when prompting for elevation | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -2907,7 +2907,7 @@ User Account Control: Switch to the secure desktop when prompting for elevation | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2930,7 +2930,7 @@ User Account Control: Use Admin Approval Mode for the built-in Administrator acc | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2965,7 +2965,7 @@ User Account Control: Use Admin Approval Mode for the built-in Administrator acc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2988,7 +2988,7 @@ User Account Control: Virtualize file and registry write failures to per-user lo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index bf0872d969..116a29e6ce 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -4,7 +4,7 @@ description: Learn more about the LocalUsersAndGroups Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -65,7 +65,7 @@ members that are not specified in the policy are removed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index d622ee011f..0061b7380c 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -4,7 +4,7 @@ description: Learn more about the LockDown Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -53,7 +53,7 @@ The easiest way to verify the policy is to restart the explorer process or to re | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md index 3eeee4eaa8..f756e459bf 100644 --- a/windows/client-management/mdm/policy-csp-lsa.md +++ b/windows/client-management/mdm/policy-csp-lsa.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -55,7 +55,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -118,7 +118,7 @@ This policy controls the configuration under which LSASS is run. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 60f394302c..e705032c66 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -4,7 +4,7 @@ description: Learn more about the Maps Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -49,7 +49,7 @@ Allows the download and update of map data over metered connections. After the p | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -76,7 +76,7 @@ Allows the download and update of map data over metered connections. After the p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -99,7 +99,7 @@ Disables the automatic download and update of map data. After the policy is appl | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md index 26fdcc2171..0ad94279f0 100644 --- a/windows/client-management/mdm/policy-csp-memorydump.md +++ b/windows/client-management/mdm/policy-csp-memorydump.md @@ -4,7 +4,7 @@ description: Learn more about the MemoryDump Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -49,7 +49,7 @@ This policy setting decides if crash dump collection on the machine is allowed o | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -75,7 +75,7 @@ This policy setting decides if crash dump collection on the machine is allowed o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -98,7 +98,7 @@ This policy setting decides if live dump collection on the machine is allowed or | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index dc279d3c41..0a17aa2d46 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -4,7 +4,7 @@ description: Learn more about the Messaging Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -51,7 +51,7 @@ Disable this feature to avoid information being stored on servers outside of you | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -91,7 +91,7 @@ Disable this feature to avoid information being stored on servers outside of you | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -114,7 +114,7 @@ This policy setting allows you to enable or disable the sending and receiving ce | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -140,7 +140,7 @@ This policy setting allows you to enable or disable the sending and receiving ce | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -163,7 +163,7 @@ This policy setting allows you to enable or disable the sending and receiving of | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 1eb8c7115d..5711be78d6 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -29,7 +29,7 @@ These policies are only supported on [Microsoft HoloLens 2](/hololens/hololens2- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -65,7 +65,7 @@ Steps to use this policy correctly: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-60]` | | Default Value | 0 | @@ -83,7 +83,7 @@ Steps to use this policy correctly: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -107,7 +107,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -133,7 +133,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -159,7 +159,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) - | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -185,7 +185,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) - | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -218,7 +218,7 @@ On a device where you configure this policy, the user specified in the policy ne | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -234,7 +234,7 @@ On a device where you configure this policy, the user specified in the policy ne | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -257,7 +257,7 @@ This policy controls if the HoloLens displays will be automatically adjusted for | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -283,7 +283,7 @@ This policy controls if the HoloLens displays will be automatically adjusted for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -306,7 +306,7 @@ This policy setting controls if pressing the brightness button changes the brigh | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -332,7 +332,7 @@ This policy setting controls if pressing the brightness button changes the brigh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -356,7 +356,7 @@ For more information, see [Moving platform mode on low dynamic motion moving pla | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -383,7 +383,7 @@ For more information, see [Moving platform mode on low dynamic motion moving pla | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -441,7 +441,7 @@ For more information, see [ADMX_W32Time Policy CSP - W32Time_Policy_Configure_NT | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -487,7 +487,7 @@ The following XML string is an example of the value for this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -511,7 +511,7 @@ Windows Network Connectivity Status Indicator may get a false positive internet- | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -537,7 +537,7 @@ Windows Network Connectivity Status Indicator may get a false positive internet- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -560,7 +560,7 @@ This policy controls when a new person uses HoloLens device, if HoloLens should | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -586,7 +586,7 @@ This policy controls when a new person uses HoloLens device, if HoloLens should | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -609,7 +609,7 @@ This policy setting controls, when and if diagnostic logs can be collected using | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -636,7 +636,7 @@ This policy setting controls, when and if diagnostic logs can be collected using | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -665,7 +665,7 @@ This policy configures behavior of HUP to determine, which algorithm to use for | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 0 | @@ -683,7 +683,7 @@ This policy configures behavior of HUP to determine, which algorithm to use for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -707,7 +707,7 @@ When the system automatically determines the down direction, it's using the meas | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -733,7 +733,7 @@ When the system automatically determines the down direction, it's using the meas | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -756,7 +756,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -782,7 +782,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -812,7 +812,7 @@ For more information, see the [ConfigureNtpClient](#configurentpclient) policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -851,7 +851,7 @@ The following example XML string shows the value to enable this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -876,7 +876,7 @@ This policy configures whether the device will take the user through the eye tra | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -902,7 +902,7 @@ This policy configures whether the device will take the user through the eye tra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -926,7 +926,7 @@ It skips the training experience of interactions with the hummingbird and Start | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -952,7 +952,7 @@ It skips the training experience of interactions with the hummingbird and Start | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ [10.0.20348] and later | @@ -975,7 +975,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1001,7 +1001,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1024,7 +1024,7 @@ This policy setting controls if pressing the volume button changes the volume or | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index f7b38e8274..9223a88620 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -50,7 +50,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -78,7 +78,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -100,7 +100,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -128,7 +128,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -150,7 +150,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -178,7 +178,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -200,7 +200,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -228,7 +228,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -250,7 +250,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -278,7 +278,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -300,7 +300,7 @@ ms.topic: reference | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index c91e8380b3..11890d1e1f 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -51,7 +51,7 @@ Allow ICMP redirects to override OSPF generated routes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -79,7 +79,7 @@ Allow ICMP redirects to override OSPF generated routes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -102,7 +102,7 @@ Allow the computer to ignore NetBIOS name release requests except from WINS serv | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -130,7 +130,7 @@ Allow the computer to ignore NetBIOS name release requests except from WINS serv | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -153,7 +153,7 @@ IP source routing protection level (protects against packet spoofing). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -181,7 +181,7 @@ IP source routing protection level (protects against packet spoofing). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -204,7 +204,7 @@ IPv6 source routing protection level (protects against packet spoofing). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index c4a07c645d..bd5f22db3a 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -4,7 +4,7 @@ description: Learn more about the Multitasking Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -60,7 +60,7 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index ec7813abdb..8936eb9ae7 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkIsolation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -59,7 +59,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -90,7 +90,7 @@ For more information see: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -125,7 +125,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -156,7 +156,7 @@ For more information see: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -193,7 +193,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -234,7 +234,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -265,7 +265,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -305,7 +305,7 @@ For more information see: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -336,7 +336,7 @@ For more information, see the following APIs: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -353,7 +353,7 @@ For more information, see the following APIs: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -386,7 +386,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -417,7 +417,7 @@ For more information see: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -448,7 +448,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -488,7 +488,7 @@ For more information see: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -515,7 +515,7 @@ For more information see: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 783e4f6580..d911d882c5 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkListManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -62,7 +62,7 @@ Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -79,7 +79,7 @@ Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later | @@ -104,7 +104,7 @@ This policy setting provides the string that names a network. If this setting is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 7fa317d7de..6a7e6d6ca2 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -4,7 +4,7 @@ description: Learn more about the NewsAndInterests Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -53,7 +53,7 @@ This policy applies to the entire widgets experience, including content on the t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 5f2769f2f1..45942077f7 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -68,7 +68,7 @@ To validate the configuration: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -108,7 +108,7 @@ To validate the configuration: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -139,7 +139,7 @@ This feature can be turned off by apps that don't want to participate in notific | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -179,7 +179,7 @@ This feature can be turned off by apps that don't want to participate in notific | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -208,7 +208,7 @@ No reboots or service restarts are required for this policy setting to take effe | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -248,7 +248,7 @@ No reboots or service restarts are required for this policy setting to take effe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1620] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1620] and later | @@ -274,7 +274,7 @@ This policy setting turns on multiple expanded toast notifications in action cen | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -309,7 +309,7 @@ This policy setting turns on multiple expanded toast notifications in action cen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -339,7 +339,7 @@ If you disable or don't configure this setting, the push notifications will conn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index fae68da678..3de93912e8 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -51,7 +51,7 @@ This policy setting decides if hibernate on the machine is allowed or not. Suppo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -77,7 +77,7 @@ This policy setting decides if hibernate on the machine is allowed or not. Suppo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -104,7 +104,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -136,7 +136,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -163,7 +163,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -195,7 +195,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -224,7 +224,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -255,7 +255,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -284,7 +284,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -315,7 +315,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -342,7 +342,7 @@ This policy setting allows you to specify battery charge level at which Energy S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 0 | @@ -374,7 +374,7 @@ This policy setting allows you to specify battery charge level at which Energy S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -401,7 +401,7 @@ This policy setting allows you to specify battery charge level at which Energy S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 0 | @@ -433,7 +433,7 @@ This policy setting allows you to specify battery charge level at which Energy S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -462,7 +462,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -493,7 +493,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -522,7 +522,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -553,7 +553,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -580,7 +580,7 @@ This policy setting specifies whether or not the user is prompted for a password | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -612,7 +612,7 @@ This policy setting specifies whether or not the user is prompted for a password | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -639,7 +639,7 @@ This policy setting specifies whether or not the user is prompted for a password | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -671,7 +671,7 @@ This policy setting specifies whether or not the user is prompted for a password | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -705,7 +705,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -747,7 +747,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -781,7 +781,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -823,7 +823,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -857,7 +857,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -899,7 +899,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -933,7 +933,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -975,7 +975,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1009,7 +1009,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1051,7 +1051,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1085,7 +1085,7 @@ Possible actions include: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1127,7 +1127,7 @@ Possible actions include: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1156,7 +1156,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1187,7 +1187,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1216,7 +1216,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1247,7 +1247,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1274,7 +1274,7 @@ This policy setting allows you to turn off hybrid sleep. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1314,7 +1314,7 @@ This policy setting allows you to turn off hybrid sleep. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1341,7 +1341,7 @@ This policy setting allows you to turn off hybrid sleep. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1381,7 +1381,7 @@ This policy setting allows you to turn off hybrid sleep. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1410,7 +1410,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -1442,7 +1442,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1471,7 +1471,7 @@ If the user has configured a slide show to run on the lock screen when the machi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 2efba00c84..1777863e8e 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -56,7 +56,7 @@ The format of this setting is `/[,/]`. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ The format of this setting is `/[,/]`. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -115,7 +115,7 @@ The format of this setting is `/[,/]`. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ The format of this setting is `/[,/]`. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -184,7 +184,7 @@ The following are the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -215,7 +215,7 @@ The following are the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -265,7 +265,7 @@ The following are the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -296,7 +296,7 @@ The following are the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -329,7 +329,7 @@ The following are the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -361,7 +361,7 @@ The following are the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -401,7 +401,7 @@ The following are the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -432,7 +432,7 @@ The following are the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -454,7 +454,7 @@ The following are the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -482,7 +482,7 @@ The following are the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -520,7 +520,7 @@ If you disable or do not configure this policy setting, the above defaults will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -551,7 +551,7 @@ If you disable or do not configure this policy setting, the above defaults will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -589,7 +589,7 @@ If you disable or do not configure this policy setting, the above defaults will | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -620,7 +620,7 @@ If you disable or do not configure this policy setting, the above defaults will | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -651,7 +651,7 @@ If you disable or do not configure this policy setting, dynamic TCP ports are us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -682,7 +682,7 @@ If you disable or do not configure this policy setting, dynamic TCP ports are us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -711,7 +711,7 @@ By default, there are no restrictions to printing based on connection type or pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -743,7 +743,7 @@ By default, there are no restrictions to printing based on connection type or pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -772,7 +772,7 @@ By default, there are no restrictions to printing based on connection type or pr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -804,7 +804,7 @@ By default, there are no restrictions to printing based on connection type or pr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -833,7 +833,7 @@ If you disable or do not configure this policy setting, the registry key and val | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -864,7 +864,7 @@ If you disable or do not configure this policy setting, the registry key and val | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -907,7 +907,7 @@ This policy setting controls the client Point and Print behavior, including the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -939,7 +939,7 @@ This policy setting controls the client Point and Print behavior, including the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -982,7 +982,7 @@ This policy setting controls the client Point and Print behavior, including the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1014,7 +1014,7 @@ This policy setting controls the client Point and Print behavior, including the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1044,7 +1044,7 @@ Determines whether the computer's shared printers can be published in Active Dir | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1076,7 +1076,7 @@ Determines whether the computer's shared printers can be published in Active Dir | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1105,7 +1105,7 @@ By default, users that aren't Administrators can't install print drivers on this | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 507250a860..c0cf8e14bf 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/26/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -52,7 +52,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -78,7 +78,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -107,7 +107,7 @@ Most restrictive value is `0` to not allow cross-device clipboard. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -147,7 +147,7 @@ Most restrictive value is `0` to not allow cross-device clipboard. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -180,7 +180,7 @@ The most restrictive value is `0` to not allow speech services. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -220,7 +220,7 @@ The most restrictive value is `0` to not allow speech services. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -247,7 +247,7 @@ This policy setting turns off the advertising ID, preventing apps from using the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -288,7 +288,7 @@ This policy setting turns off the advertising ID, preventing apps from using the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -321,7 +321,7 @@ In some managed environments, the privacy settings may be set by other policies. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -361,7 +361,7 @@ In some managed environments, the privacy settings may be set by other policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -388,7 +388,7 @@ Policy change takes effect immediately. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -428,7 +428,7 @@ Policy change takes effect immediately. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -465,7 +465,7 @@ The most restrictive value is `2` to deny apps access to account information. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -506,7 +506,7 @@ The most restrictive value is `2` to deny apps access to account information. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -541,7 +541,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -571,7 +571,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -606,7 +606,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -636,7 +636,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -671,7 +671,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -701,7 +701,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -726,7 +726,7 @@ This policy setting specifies whether Windows apps can access the movement of th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -753,7 +753,7 @@ This policy setting specifies whether Windows apps can access the movement of th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -778,7 +778,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -795,7 +795,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -821,7 +821,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -838,7 +838,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -864,7 +864,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -881,7 +881,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -918,7 +918,7 @@ The most restrictive value is `2` to deny apps access to the calendar. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -959,7 +959,7 @@ The most restrictive value is `2` to deny apps access to the calendar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -994,7 +994,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1024,7 +1024,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1059,7 +1059,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1089,7 +1089,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1124,7 +1124,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1154,7 +1154,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1191,7 +1191,7 @@ The most restrictive value is `2` to deny apps access to call history. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1232,7 +1232,7 @@ The most restrictive value is `2` to deny apps access to call history. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1267,7 +1267,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1297,7 +1297,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1332,7 +1332,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1362,7 +1362,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1397,7 +1397,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1427,7 +1427,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1464,7 +1464,7 @@ The most restrictive value is `2` to deny apps access to the camera. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1505,7 +1505,7 @@ The most restrictive value is `2` to deny apps access to the camera. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1540,7 +1540,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1570,7 +1570,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1605,7 +1605,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1635,7 +1635,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1670,7 +1670,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1700,7 +1700,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1737,7 +1737,7 @@ The most restrictive value is `2` to deny apps access to contacts. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1778,7 +1778,7 @@ The most restrictive value is `2` to deny apps access to contacts. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1813,7 +1813,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1843,7 +1843,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1878,7 +1878,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1908,7 +1908,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1943,7 +1943,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -1973,7 +1973,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2010,7 +2010,7 @@ The most restrictive value is `2` to deny apps access to email. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2051,7 +2051,7 @@ The most restrictive value is `2` to deny apps access to email. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2086,7 +2086,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2116,7 +2116,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2151,7 +2151,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2181,7 +2181,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2216,7 +2216,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2246,7 +2246,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2269,7 +2269,7 @@ This policy setting specifies whether Windows apps can access the eye tracker. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -2287,7 +2287,7 @@ This policy setting specifies whether Windows apps can access the eye tracker. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2310,7 +2310,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2327,7 +2327,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2350,7 +2350,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2367,7 +2367,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2390,7 +2390,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2407,7 +2407,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2442,7 +2442,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -2473,7 +2473,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2508,7 +2508,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2538,7 +2538,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2573,7 +2573,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2603,7 +2603,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2638,7 +2638,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2668,7 +2668,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2703,7 +2703,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -2735,7 +2735,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2770,7 +2770,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2800,7 +2800,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2835,7 +2835,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2865,7 +2865,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2900,7 +2900,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -2930,7 +2930,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | @@ -2953,7 +2953,7 @@ This policy setting specifies whether Windows apps can access the human presence | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2990,7 +2990,7 @@ This policy setting specifies whether Windows apps can access the human presence | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | @@ -3013,7 +3013,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3040,7 +3040,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | @@ -3063,7 +3063,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3090,7 +3090,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | @@ -3113,7 +3113,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3140,7 +3140,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3177,7 +3177,7 @@ The most restrictive value is `2` to deny apps access to the device's location. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3218,7 +3218,7 @@ The most restrictive value is `2` to deny apps access to the device's location. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3253,7 +3253,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3283,7 +3283,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3318,7 +3318,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3348,7 +3348,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3383,7 +3383,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3413,7 +3413,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3450,7 +3450,7 @@ The most restrictive value is `2` to deny apps access to messaging. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3491,7 +3491,7 @@ The most restrictive value is `2` to deny apps access to messaging. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3526,7 +3526,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3556,7 +3556,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3591,7 +3591,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3621,7 +3621,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3656,7 +3656,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3686,7 +3686,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3723,7 +3723,7 @@ The most restrictive value is `2` to deny apps access to the microphone. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3764,7 +3764,7 @@ The most restrictive value is `2` to deny apps access to the microphone. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3799,7 +3799,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3829,7 +3829,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3864,7 +3864,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3894,7 +3894,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3929,7 +3929,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -3959,7 +3959,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3996,7 +3996,7 @@ The most restrictive value is `2` to deny apps access to motion data. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4037,7 +4037,7 @@ The most restrictive value is `2` to deny apps access to motion data. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4072,7 +4072,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4102,7 +4102,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4137,7 +4137,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4167,7 +4167,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4202,7 +4202,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4232,7 +4232,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4269,7 +4269,7 @@ The most restrictive value is `2` to deny apps access to notifications. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4310,7 +4310,7 @@ The most restrictive value is `2` to deny apps access to notifications. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4345,7 +4345,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4375,7 +4375,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4410,7 +4410,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4440,7 +4440,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4475,7 +4475,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4505,7 +4505,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4542,7 +4542,7 @@ The most restrictive value is `2` to deny apps access to make phone calls. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4583,7 +4583,7 @@ The most restrictive value is `2` to deny apps access to make phone calls. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4618,7 +4618,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4648,7 +4648,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4683,7 +4683,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4713,7 +4713,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4748,7 +4748,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4778,7 +4778,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4815,7 +4815,7 @@ The most restrictive value is `2` to deny apps access to control radios. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4856,7 +4856,7 @@ The most restrictive value is `2` to deny apps access to control radios. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4891,7 +4891,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4921,7 +4921,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4956,7 +4956,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -4986,7 +4986,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5021,7 +5021,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5051,7 +5051,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5086,7 +5086,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -5118,7 +5118,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5153,7 +5153,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5183,7 +5183,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5218,7 +5218,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5248,7 +5248,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5283,7 +5283,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5313,7 +5313,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5350,7 +5350,7 @@ The most restrictive value is `2` to deny apps access trusted devices. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -5391,7 +5391,7 @@ The most restrictive value is `2` to deny apps access trusted devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5426,7 +5426,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5456,7 +5456,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5491,7 +5491,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5521,7 +5521,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5556,7 +5556,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5586,7 +5586,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -5619,7 +5619,7 @@ This policy is applied to Windows apps and Cortana. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -5660,7 +5660,7 @@ This policy is applied to Windows apps and Cortana. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -5693,7 +5693,7 @@ This policy is applied to Windows apps and Cortana. It takes precedence of the " | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -5734,7 +5734,7 @@ This policy is applied to Windows apps and Cortana. It takes precedence of the " | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5771,7 +5771,7 @@ The most restrictive value is `2` to deny apps access to diagnostic data. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -5812,7 +5812,7 @@ The most restrictive value is `2` to deny apps access to diagnostic data. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5847,7 +5847,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5877,7 +5877,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5912,7 +5912,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -5942,7 +5942,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5977,7 +5977,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6007,7 +6007,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6046,7 +6046,7 @@ The most restrictive value is `2` to deny apps from running in the background. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -6087,7 +6087,7 @@ The most restrictive value is `2` to deny apps from running in the background. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6122,7 +6122,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6152,7 +6152,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6187,7 +6187,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6217,7 +6217,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -6252,7 +6252,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6282,7 +6282,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6319,7 +6319,7 @@ The most restrictive value is `2` to deny apps syncing with devices. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -6360,7 +6360,7 @@ The most restrictive value is `2` to deny apps syncing with devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6395,7 +6395,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6425,7 +6425,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6460,7 +6460,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6490,7 +6490,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6525,7 +6525,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `;`) | @@ -6555,7 +6555,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -6584,7 +6584,7 @@ For more information, see [Windows activity history and your privacy](https://su | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -6624,7 +6624,7 @@ For more information, see [Windows activity history and your privacy](https://su | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -6654,7 +6654,7 @@ For more information, see [Windows activity history and your privacy](https://su | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 0e564b40f5..f461aaea70 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -61,7 +61,7 @@ The "Display warning message before connecting" policy setting allows you to spe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ The "Display warning message before connecting" policy setting allows you to spe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -122,7 +122,7 @@ This policy setting allows you to turn logging on or off. Log files are located | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -154,7 +154,7 @@ This policy setting allows you to turn logging on or off. Log files are located | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -191,7 +191,7 @@ The "Select the method for sending email invitations" setting specifies which em | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -223,7 +223,7 @@ The "Select the method for sending email invitations" setting specifies which em | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -283,7 +283,7 @@ Allow Remote Desktop Exception. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md index 6144dbef4f..de30e58549 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktop.md +++ b/windows/client-management/mdm/policy-csp-remotedesktop.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktop Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1370] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1370] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1370] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1370] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1370] and later
✅ Windows 10, version 2009 [10.0.19042.1370] and later
✅ Windows 10, version 21H1 [10.0.19043.1370] and later
✅ Windows 10, version 21H2 [10.0.19044.1370] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -53,7 +53,7 @@ To automatically subscribe to [Azure Virtual Desktop](/azure/virtual-desktop/ove | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `|`) | @@ -84,7 +84,7 @@ To automatically subscribe to [Azure Virtual Desktop](/azure/virtual-desktop/ove | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -109,7 +109,7 @@ This policy allows the user to load the data protection API (DPAPI) cred key fro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index c8aa5f13b5..239739fed5 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -62,7 +62,7 @@ You can limit the number of users who can connect simultaneously by configuring | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -93,7 +93,7 @@ You can limit the number of users who can connect simultaneously by configuring | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -130,7 +130,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -161,7 +161,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -192,7 +192,7 @@ By default, an RD Session Host server maps client drives automatically upon conn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -224,7 +224,7 @@ By default, an RD Session Host server maps client drives automatically upon conn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -251,7 +251,7 @@ Controls whether passwords can be saved on this computer from Remote Desktop Con | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -283,7 +283,7 @@ Controls whether passwords can be saved on this computer from Remote Desktop Con | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -312,7 +312,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -344,7 +344,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -377,7 +377,7 @@ By default, Remote Desktop Services allows users to automatically log on by ente | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -409,7 +409,7 @@ By default, Remote Desktop Services allows users to automatically log on by ente | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -443,7 +443,7 @@ If the status is set to Not Configured, unsecured communication is allowed. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 1c99376bd4..79e8cdf2e6 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -55,7 +55,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -114,7 +114,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -146,7 +146,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -173,7 +173,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -205,7 +205,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -232,7 +232,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -264,7 +264,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -304,7 +304,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3. FFE:FFFF:7654: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -336,7 +336,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3. FFE:FFFF:7654: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -363,7 +363,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -395,7 +395,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -422,7 +422,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -454,7 +454,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -481,7 +481,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -513,7 +513,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -540,7 +540,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -572,7 +572,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -599,7 +599,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -631,7 +631,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -660,7 +660,7 @@ If you enable and then disable this policy setting,any values that were previous | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -692,7 +692,7 @@ If you enable and then disable this policy setting,any values that were previous | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -725,7 +725,7 @@ If HardeningLevel is set to None, all requests are accepted (though they are not | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -757,7 +757,7 @@ If HardeningLevel is set to None, all requests are accepted (though they are not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -784,7 +784,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -816,7 +816,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -847,7 +847,7 @@ A listener might be automatically created on port 80 to ensure backward compatib | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -879,7 +879,7 @@ A listener might be automatically created on port 80 to ensure backward compatib | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -910,7 +910,7 @@ A listener might be automatically created on port 443 to ensure backward compati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 1661c9101c..441e1e3670 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -68,7 +68,7 @@ This policy setting impacts all RPC applications. In a domain environment this p | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -99,7 +99,7 @@ This policy setting impacts all RPC applications. In a domain environment this p | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -131,7 +131,7 @@ This policy setting controls whether RPC clients authenticate with the Endpoint | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index c7a1cff498..47b67eaf8a 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -55,7 +55,7 @@ If you set this policy to 'disabled', new remote shell connections are rejected | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -87,7 +87,7 @@ If you set this policy to 'disabled', new remote shell connections are rejected | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -116,7 +116,7 @@ The value can be any number from 1 to 100. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -147,7 +147,7 @@ The value can be any number from 1 to 100. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -176,7 +176,7 @@ Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 mi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -207,7 +207,7 @@ Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 mi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -236,7 +236,7 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -267,7 +267,7 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -294,7 +294,7 @@ This policy setting configures the maximum number of processes a remote shell is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -325,7 +325,7 @@ This policy setting configures the maximum number of processes a remote shell is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -354,7 +354,7 @@ Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of s | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -385,7 +385,7 @@ Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -408,7 +408,7 @@ This policy setting is deprecated and has no effect when set to any state: Enabl | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index f148ceb767..24a1da37ef 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -4,7 +4,7 @@ description: Learn more about the RestrictedGroups Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -31,7 +31,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -63,7 +63,7 @@ This security setting allows an administrator to define the members of a securit | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index badb2712d0..6b860a78dc 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -51,7 +51,7 @@ Allow search and Cortana to search cloud sources like OneDrive and SharePoint. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -91,7 +91,7 @@ Allow search and Cortana to search cloud sources like OneDrive and SharePoint. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -114,7 +114,7 @@ Allow the cortana opt-in page during windows setup out of the box experience. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -154,7 +154,7 @@ Allow the cortana opt-in page during windows setup out of the box experience. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -179,7 +179,7 @@ This policy controls whether the user can configure search to *Find My Files* mo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -214,7 +214,7 @@ This policy controls whether the user can configure search to *Find My Files* mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -251,7 +251,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -291,7 +291,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | @@ -321,7 +321,7 @@ Disabling this setting turns off search highlights in the start menu search box | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -353,7 +353,7 @@ Disabling this setting turns off search highlights in the start menu search box | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -380,7 +380,7 @@ The most restrictive value is `0` to not allow search to use location. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -420,7 +420,7 @@ The most restrictive value is `0` to not allow search to use location. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -443,7 +443,7 @@ This policy has been deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -469,7 +469,7 @@ This policy has been deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -501,7 +501,7 @@ The most restrictive value is `0` to not allow the use of diacritics. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -541,7 +541,7 @@ The most restrictive value is `0` to not allow the use of diacritics. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -564,7 +564,7 @@ Allow Windows indexer. Value type is integer. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-3]` | | Default Value | 3 | @@ -582,7 +582,7 @@ Allow Windows indexer. Value type is integer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -610,7 +610,7 @@ The most restrictive value is `0` to now allow automatic language detection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -650,7 +650,7 @@ The most restrictive value is `0` to now allow automatic language detection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -683,7 +683,7 @@ This policy setting allows you to configure search on the taskbar. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -725,7 +725,7 @@ This policy setting allows you to configure search on the taskbar. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -748,7 +748,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -788,7 +788,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -815,7 +815,7 @@ This policy setting configures whether or not locations on removable drives can | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -855,7 +855,7 @@ This policy setting configures whether or not locations on removable drives can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -881,7 +881,7 @@ This policy setting configures whether or not locations on removable drives can | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -921,7 +921,7 @@ This policy setting configures whether or not locations on removable drives can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -950,7 +950,7 @@ This policy setting allows you to control whether or not Search can perform quer | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -990,7 +990,7 @@ This policy setting allows you to control whether or not Search can perform quer | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1013,7 +1013,7 @@ Enabling this policy prevents indexing from continuing after less than the speci | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1052,7 +1052,7 @@ Enabling this policy prevents indexing from continuing after less than the speci | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1075,7 +1075,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1118,7 +1118,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1141,7 +1141,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index da0b3fb337..fc91e1eb56 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -4,7 +4,7 @@ description: Learn more about the Security Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -49,7 +49,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -78,7 +78,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -101,7 +101,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -127,7 +127,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -150,7 +150,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -179,7 +179,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -202,7 +202,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -228,7 +228,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -251,7 +251,7 @@ This policy setting configures the system to prompt the user to clear the TPM if | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -291,7 +291,7 @@ This policy setting configures the system to prompt the user to clear the TPM if | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -316,7 +316,7 @@ Configures the use of passwords for Windows features. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -343,7 +343,7 @@ Configures the use of passwords for Windows features. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -368,7 +368,7 @@ For more information, see [BitLocker Device Encryption](/windows/security/inform | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -394,7 +394,7 @@ For more information, see [BitLocker Device Encryption](/windows/security/inform | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -442,7 +442,7 @@ The following table shows what behavior is expected for the policy settings with | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -469,7 +469,7 @@ The following table shows what behavior is expected for the policy settings with | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -492,7 +492,7 @@ Allows enterprise to turn on internal storage encryption. Most restricted value | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -518,7 +518,7 @@ Allows enterprise to turn on internal storage encryption. Most restricted value | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -541,7 +541,7 @@ Specifies whether provisioning packages must have a certificate signed by a devi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -567,7 +567,7 @@ Specifies whether provisioning packages must have a certificate signed by a devi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -593,7 +593,7 @@ Specifies whether to retrieve and post TCG Boot logs, and get or cache an encryp | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index 92e2b28765..4aed2782cb 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -62,7 +62,7 @@ If you enable this policy, it adds code integrity guard (CIG) and arbitrary code | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 4102db4c23..579400ce44 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -4,7 +4,7 @@ description: Learn more about the Settings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -52,7 +52,7 @@ Allows the user to change Auto Play settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -78,7 +78,7 @@ Allows the user to change Auto Play settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -104,7 +104,7 @@ Allows the user to change Data Sense settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -130,7 +130,7 @@ Allows the user to change Data Sense settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -153,7 +153,7 @@ Allows the user to change date and time settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -179,7 +179,7 @@ Allows the user to change date and time settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -202,7 +202,7 @@ Allows the user to edit the device name. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -228,7 +228,7 @@ Allows the user to edit the device name. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -251,7 +251,7 @@ Allows the user to change the language settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -277,7 +277,7 @@ Allows the user to change the language settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -302,7 +302,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -342,7 +342,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -365,7 +365,7 @@ Allows the user to change power and sleep settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -391,7 +391,7 @@ Allows the user to change power and sleep settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -414,7 +414,7 @@ Allows the user to change the region settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -440,7 +440,7 @@ Allows the user to change the region settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -463,7 +463,7 @@ Allows the user to change sign-in options. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -489,7 +489,7 @@ Allows the user to change sign-in options. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -512,7 +512,7 @@ Allows the user to change VPN settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -538,7 +538,7 @@ Allows the user to change VPN settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -561,7 +561,7 @@ Allows user to change workplace settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -587,7 +587,7 @@ Allows user to change workplace settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -610,7 +610,7 @@ Allows user to change account settings. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -636,7 +636,7 @@ Allows user to change account settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -665,7 +665,7 @@ By default, the calendar is set according to the locale of the operating system, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -707,7 +707,7 @@ By default, the calendar is set according to the locale of the operating system, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -756,7 +756,7 @@ To validate this policy, use the following steps: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md index 6b07bd1695..cd348c3428 100644 --- a/windows/client-management/mdm/policy-csp-settingssync.md +++ b/windows/client-management/mdm/policy-csp-settingssync.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -59,7 +59,7 @@ If you do not set or disable this setting, syncing of the "accessibility" group | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -91,7 +91,7 @@ If you do not set or disable this setting, syncing of the "accessibility" group | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -113,7 +113,7 @@ If you do not set or disable this setting, syncing of the "accessibility" group | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 8c3978aae7..5d3adfc05d 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -4,7 +4,7 @@ description: Learn more about the SmartScreen Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -65,7 +65,7 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -105,7 +105,7 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -143,7 +143,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -183,7 +183,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -221,7 +221,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 967b68b67e..58eef7e770 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -4,7 +4,7 @@ description: Learn more about the Speech Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -53,7 +53,7 @@ If enabled (default), the device will periodically check for updated speech mode | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 2907090931..3d078e6ef4 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -49,7 +49,7 @@ This policy controls the visibility of the Documents shortcut on the Start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -76,7 +76,7 @@ This policy controls the visibility of the Documents shortcut on the Start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -99,7 +99,7 @@ This policy controls the visibility of the Downloads shortcut on the Start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -126,7 +126,7 @@ This policy controls the visibility of the Downloads shortcut on the Start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -149,7 +149,7 @@ This policy controls the visibility of the File Explorer shortcut on the Start m | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -176,7 +176,7 @@ This policy controls the visibility of the File Explorer shortcut on the Start m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -199,7 +199,7 @@ This policy controls the visibility of the HomeGroup shortcut on the Start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -226,7 +226,7 @@ This policy controls the visibility of the HomeGroup shortcut on the Start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -249,7 +249,7 @@ This policy controls the visibility of the Music shortcut on the Start menu. The | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -276,7 +276,7 @@ This policy controls the visibility of the Music shortcut on the Start menu. The | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -299,7 +299,7 @@ This policy controls the visibility of the Network shortcut on the Start menu. T | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -326,7 +326,7 @@ This policy controls the visibility of the Network shortcut on the Start menu. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -349,7 +349,7 @@ This policy controls the visibility of the PersonalFolder shortcut on the Start | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -376,7 +376,7 @@ This policy controls the visibility of the PersonalFolder shortcut on the Start | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -399,7 +399,7 @@ This policy controls the visibility of the Pictures shortcut on the Start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -426,7 +426,7 @@ This policy controls the visibility of the Pictures shortcut on the Start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -449,7 +449,7 @@ This policy controls the visibility of the Settings shortcut on the Start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -476,7 +476,7 @@ This policy controls the visibility of the Settings shortcut on the Start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -499,7 +499,7 @@ This policy controls the visibility of the Videos shortcut on the Start menu. Th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 65535 | @@ -526,7 +526,7 @@ This policy controls the visibility of the Videos shortcut on the Start menu. Th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -559,7 +559,7 @@ This string policy takes a JSON file named `LayoutModification.json`. The file e | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -584,7 +584,7 @@ This string policy takes a JSON file named `LayoutModification.json`. The file e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -613,7 +613,7 @@ If you enable this policy, then invocations of context menus within the Start Me | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -653,7 +653,7 @@ If you enable this policy, then invocations of context menus within the Start Me | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -682,7 +682,7 @@ A reboot is required for this policy setting to take effect. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -721,7 +721,7 @@ A reboot is required for this policy setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -747,7 +747,7 @@ A reboot is required for this policy setting to take effect. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -787,7 +787,7 @@ A reboot is required for this policy setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -819,7 +819,7 @@ If there's a policy configuration conflict, the latest configuration request is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -859,7 +859,7 @@ If there's a policy configuration conflict, the latest configuration request is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -903,7 +903,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -931,7 +931,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -954,7 +954,7 @@ Enabling this policy hides "Change account settings" from appearing in the user | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -980,7 +980,7 @@ Enabling this policy hides "Change account settings" from appearing in the user | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1022,7 +1022,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1062,7 +1062,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1088,7 +1088,7 @@ Enabling this policy hides "Hibernate" from appearing in the power button in the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1114,7 +1114,7 @@ Enabling this policy hides "Hibernate" from appearing in the power button in the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1137,7 +1137,7 @@ Enabling this policy hides "Lock" from appearing in the user tile in the start m | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [Start_HideLock_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Start/HideUserTile`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -1164,7 +1164,7 @@ Enabling this policy hides "Lock" from appearing in the user tile in the start m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1189,7 +1189,7 @@ If you enable this policy the people icon will be removed from the taskbar, the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1229,7 +1229,7 @@ If you enable this policy the people icon will be removed from the taskbar, the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1255,7 +1255,7 @@ Enabling this policy hides the power button from appearing in the start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1281,7 +1281,7 @@ Enabling this policy hides the power button from appearing in the start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1323,7 +1323,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1349,7 +1349,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1390,7 +1390,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1430,7 +1430,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | @@ -1457,7 +1457,7 @@ This policy setting allows you to hide the personalized websites in the recommen | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1492,7 +1492,7 @@ This policy setting allows you to hide the personalized websites in the recommen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1521,7 +1521,7 @@ If you enable this policy setting, the Start Menu will no longer show the sectio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1561,7 +1561,7 @@ If you enable this policy setting, the Start Menu will no longer show the sectio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1584,7 +1584,7 @@ Enabling this policy hides "Restart/Update and restart" from appearing in the po | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1610,7 +1610,7 @@ Enabling this policy hides "Restart/Update and restart" from appearing in the po | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1633,7 +1633,7 @@ Enabling this policy hides "Shut down/Update and shut down" from appearing in th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1659,7 +1659,7 @@ Enabling this policy hides "Shut down/Update and shut down" from appearing in th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1682,7 +1682,7 @@ Enabling this policy hides "Sign out" from appearing in the user tile in the sta | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [Start_HideSignOut_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Start/HideUserTile`
Dependency Allowed Value: `[0]`
Dependency Allowed Value Type: `Range`
| @@ -1709,7 +1709,7 @@ Enabling this policy hides "Sign out" from appearing in the user tile in the sta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1732,7 +1732,7 @@ Enabling this policy hides "Sleep" from appearing in the power button in the sta | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1758,7 +1758,7 @@ Enabling this policy hides "Sleep" from appearing in the power button in the sta | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1781,7 +1781,7 @@ Enabling this policy hides "Switch account" from appearing in the user tile in t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1807,7 +1807,7 @@ Enabling this policy hides "Switch account" from appearing in the user tile in t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -1836,7 +1836,7 @@ If you enable this policy setting, the TaskView button will be hidden and the Se | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1876,7 +1876,7 @@ If you enable this policy setting, the TaskView button will be hidden and the Se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1902,7 +1902,7 @@ Enabling this policy hides the user tile from appearing in the start menu. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1928,7 +1928,7 @@ Enabling this policy hides the user tile from appearing in the start menu. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1968,7 +1968,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1984,7 +1984,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2018,7 +2018,7 @@ To validate this policy, do the following steps: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2044,7 +2044,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2079,7 +2079,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2119,7 +2119,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2145,7 +2145,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2185,7 +2185,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2223,7 +2223,7 @@ For more information on how to customize the Start layout, see [Customize the St | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-stickers.md b/windows/client-management/mdm/policy-csp-stickers.md index d57c186ddb..204d831614 100644 --- a/windows/client-management/mdm/policy-csp-stickers.md +++ b/windows/client-management/mdm/policy-csp-stickers.md @@ -4,7 +4,7 @@ description: Learn more about the Stickers Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -49,7 +49,7 @@ This policy setting allows you to control whether you want to allow stickers to | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 598a78f960..1c5a0027b5 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -60,7 +60,7 @@ Same as Enabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -100,7 +100,7 @@ Same as Enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -132,7 +132,7 @@ By default, Storage Sense is turned off until the user runs into low disk space | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -172,7 +172,7 @@ By default, Storage Sense is turned off until the user runs into low disk space | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -206,7 +206,7 @@ By default, Storage Sense will delete the user's temporary files. Users can conf | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -246,7 +246,7 @@ By default, Storage Sense will delete the user's temporary files. Users can conf | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -278,7 +278,7 @@ By default, Storage Sense will not dehydrate any cloud-backed content. Users can | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-365]` | | Default Value | 0 | @@ -309,7 +309,7 @@ By default, Storage Sense will not dehydrate any cloud-backed content. Users can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -341,7 +341,7 @@ By default, Storage Sense will not delete files in the user's Downloads folder. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-365]` | | Default Value | 0 | @@ -372,7 +372,7 @@ By default, Storage Sense will not delete files in the user's Downloads folder. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -410,7 +410,7 @@ Use the following integer values for the supported options: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | @@ -441,7 +441,7 @@ Use the following integer values for the supported options: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -473,7 +473,7 @@ By default, Storage Sense will delete files in the user's Recycle Bin that have | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-365]` | | Default Value | 30 | @@ -504,7 +504,7 @@ By default, Storage Sense will delete files in the user's Recycle Bin that have | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -531,7 +531,7 @@ This policy setting configures whether or not Windows will activate an Enhanced | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -563,7 +563,7 @@ This policy setting configures whether or not Windows will activate an Enhanced | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -593,7 +593,7 @@ This policy setting denies write access to removable disks. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -632,7 +632,7 @@ This policy setting denies write access to removable disks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -670,7 +670,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -702,7 +702,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -740,7 +740,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -772,7 +772,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -810,7 +810,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -842,7 +842,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -880,7 +880,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 6b4ab26843..b0fa9f686b 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -59,7 +59,7 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -100,7 +100,7 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -136,7 +136,7 @@ See the documentation at for i | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -175,7 +175,7 @@ See the documentation at for i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later
✅ Windows 10, version 1903 [10.0.18362.836] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -210,7 +210,7 @@ This setting has no effect on devices unless they are properly enrolled in Deskt | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -249,7 +249,7 @@ This setting has no effect on devices unless they are properly enrolled in Deskt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -274,7 +274,7 @@ If you disable or do not configure this policy setting, then device name will no | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -313,7 +313,7 @@ If you disable or do not configure this policy setting, then device name will no | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -336,7 +336,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -362,7 +362,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -387,7 +387,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -414,7 +414,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -449,7 +449,7 @@ This setting is used by lower-level components for text display and fond handlin | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -489,7 +489,7 @@ This setting is used by lower-level components for text display and fond handlin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -512,7 +512,7 @@ Specifies whether to allow app access to the Location service. Most restricted v | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -553,7 +553,7 @@ Specifies whether to allow app access to the Location service. Most restricted v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later
✅ Windows 10, version 1903 [10.0.18362.836] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -582,7 +582,7 @@ This setting has no effect on devices unless they are properly enrolled in Micro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -608,7 +608,7 @@ This setting has no effect on devices unless they are properly enrolled in Micro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -631,7 +631,7 @@ Controls whether the user is allowed to use the storage card for device storage. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -657,7 +657,7 @@ Controls whether the user is allowed to use the storage card for device storage. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -693,7 +693,7 @@ The "Configure diagnostic data opt-in settings user interface" group policy can | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -733,7 +733,7 @@ The "Configure diagnostic data opt-in settings user interface" group policy can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later
✅ Windows 10, version 1903 [10.0.18362.836] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -768,7 +768,7 @@ If you disable or do not configure this policy setting, devices will not appear | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -807,7 +807,7 @@ If you disable or do not configure this policy setting, devices will not appear | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -830,7 +830,7 @@ Specifies whether to allow the user to factory reset the device by using control | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -856,7 +856,7 @@ Specifies whether to allow the user to factory reset the device by using control | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later
✅ Windows 10, version 1903 [10.0.18362.836] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -890,7 +890,7 @@ If you disable or do not configure this policy setting, devices enrolled to the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -929,7 +929,7 @@ If you disable or do not configure this policy setting, devices enrolled to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -963,7 +963,7 @@ If your malware detection application does not include an Early Launch Antimalwa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -995,7 +995,7 @@ If your malware detection application does not include an Early Launch Antimalwa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1021,7 +1021,7 @@ The value for this setting will be provided by Microsoft as part of the onboardi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1051,7 +1051,7 @@ The value for this setting will be provided by Microsoft as part of the onboardi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1078,7 +1078,7 @@ If you set this policy setting to "Enable diagnostic data change notifications" | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1117,7 +1117,7 @@ If you set this policy setting to "Enable diagnostic data change notifications" | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1147,7 +1147,7 @@ To set a limit on the amount of diagnostic data that is sent to Microsoft by you | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1186,7 +1186,7 @@ To set a limit on the amount of diagnostic data that is sent to Microsoft by you | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1213,7 +1213,7 @@ This policy setting controls whether the Delete diagnostic data button is enable | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1252,7 +1252,7 @@ This policy setting controls whether the Delete diagnostic data button is enable | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1279,7 +1279,7 @@ This policy setting controls whether users can enable and launch the Diagnostic | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1318,7 +1318,7 @@ This policy setting controls whether users can enable and launch the Diagnostic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -1341,7 +1341,7 @@ This group policy allows control over whether the DirectX Database Updater task | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1376,7 +1376,7 @@ This group policy allows control over whether the DirectX Database Updater task | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1399,7 +1399,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1438,7 +1438,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1471,7 +1471,7 @@ This policy setting lets you prevent apps and features from working with files o | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1511,7 +1511,7 @@ This policy setting lets you prevent apps and features from working with files o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1538,7 +1538,7 @@ This policy setting controls whether Windows attempts to connect with the OneSet | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1577,7 +1577,7 @@ This policy setting controls whether Windows attempts to connect with the OneSet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1610,7 +1610,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1642,7 +1642,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1669,7 +1669,7 @@ This policy setting controls whether Windows records attempts to connect with th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1708,7 +1708,7 @@ This policy setting controls whether Windows records attempts to connect with th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1731,7 +1731,7 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1757,7 +1757,7 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1784,7 +1784,7 @@ This policy controls messages which are shown when Windows is running on a devic | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1824,7 +1824,7 @@ This policy controls messages which are shown when Windows is running on a devic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1851,7 +1851,7 @@ If you disable or do not configure this policy setting, we may occasionally coll | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1890,7 +1890,7 @@ If you disable or do not configure this policy setting, we may occasionally coll | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1917,7 +1917,7 @@ If you disable or do not configure this policy setting, we may occasionally coll | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1956,7 +1956,7 @@ If you disable or do not configure this policy setting, we may occasionally coll | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1991,7 +1991,7 @@ If you disable or do not configure this policy setting, diagnostic data collecti | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2030,7 +2030,7 @@ If you disable or do not configure this policy setting, diagnostic data collecti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2057,7 +2057,7 @@ The format for this setting is ``:`` | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2087,7 +2087,7 @@ The format for this setting is ``:`` | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2114,7 +2114,7 @@ This policy setting allows you to turn off File History. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 7cfbd6b1fa..86d77f042f 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -4,7 +4,7 @@ description: Learn more about the SystemServices Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -49,7 +49,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-4]` | | Default Value | 3 | @@ -76,7 +76,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -99,7 +99,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-4]` | | Default Value | 3 | @@ -126,7 +126,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -149,7 +149,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -185,7 +185,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -208,7 +208,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -244,7 +244,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -267,7 +267,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -303,7 +303,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -326,7 +326,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 398334874d..e98120e09d 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -4,7 +4,7 @@ description: Learn more about the TaskManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -49,7 +49,7 @@ This setting determines whether non-administrators can use Task Manager to end t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 855e816358..04de59a638 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -4,7 +4,7 @@ description: Learn more about the TaskScheduler Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -49,7 +49,7 @@ This setting determines whether the specific task is enabled (1) or disabled (0) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md index a3d3f7355e..d5880e8a2f 100644 --- a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md +++ b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md @@ -4,7 +4,7 @@ description: Learn more about the TenantDefinedTelemetry Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -49,7 +49,7 @@ This policy is used to let mission control what type of Edition we are currently | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index 6741a05f01..8b1720e1fa 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.320] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.320] and later
✅ Windows 10, version 2004 [10.0.19041.1320] and later
✅ Windows 10, version 2009 [10.0.19042.1320] and later
✅ Windows 10, version 21H1 [10.0.19043.1320] and later
✅ Windows 10, version 21H2 [10.0.19044] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -61,7 +61,7 @@ For details about setting up WDAC with tenant restrictions, see diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d8aa0c4571..dbd01ced03 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -49,7 +49,7 @@ Placeholder only. Do not use in production environment. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -75,7 +75,7 @@ Placeholder only. Do not use in production environment. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -98,7 +98,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -124,7 +124,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -147,7 +147,7 @@ Allows the user to turn on Open Extended Dictionary, Internet search integration | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -173,7 +173,7 @@ Allows the user to turn on Open Extended Dictionary, Internet search integration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -196,7 +196,7 @@ Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most r | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -222,7 +222,7 @@ Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most r | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -245,7 +245,7 @@ Allows the Japanese IME surrogate pair characters. Most restricted value is 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -271,7 +271,7 @@ Allows the Japanese IME surrogate pair characters. Most restricted value is 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -294,7 +294,7 @@ Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -320,7 +320,7 @@ Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -343,7 +343,7 @@ Allows the Japanese non-publishing standard glyph. Most restricted value is 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -369,7 +369,7 @@ Allows the Japanese non-publishing standard glyph. Most restricted value is 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -392,7 +392,7 @@ Allows the Japanese user dictionary. Most restricted value is 0. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -418,7 +418,7 @@ Allows the Japanese user dictionary. Most restricted value is 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -446,7 +446,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -472,7 +472,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -495,7 +495,7 @@ When this policy setting is enabled, some language features (such as handwriting | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -535,7 +535,7 @@ When this policy setting is enabled, some language features (such as handwriting | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -558,7 +558,7 @@ This policy setting controls the ability to send inking and typing data to Micro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -598,7 +598,7 @@ This policy setting controls the ability to send inking and typing data to Micro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -621,7 +621,7 @@ Allows the user to turn on or off the automatic downloading of newer versions of | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -647,7 +647,7 @@ Allows the user to turn on or off the automatic downloading of newer versions of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -681,7 +681,7 @@ This Policy setting applies only to Microsoft Japanese IME. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -722,7 +722,7 @@ This Policy setting applies only to Microsoft Japanese IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -756,7 +756,7 @@ This Policy setting applies only to Microsoft Korean IME. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -788,7 +788,7 @@ This Policy setting applies only to Microsoft Korean IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -822,7 +822,7 @@ This Policy setting applies only to Microsoft Simplified Chinese IME. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -863,7 +863,7 @@ This Policy setting applies only to Microsoft Simplified Chinese IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -897,7 +897,7 @@ This Policy setting applies only to Microsoft Traditional Chinese IME. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -938,7 +938,7 @@ This Policy setting applies only to Microsoft Traditional Chinese IME. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -961,7 +961,7 @@ This policy allows the IT admin to control whether the touch keyboard should sho | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -988,7 +988,7 @@ This policy allows the IT admin to control whether the touch keyboard should sho | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1011,7 +1011,7 @@ Allows the users to restrict character code range of conversion by setting the c | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1037,7 +1037,7 @@ Allows the users to restrict character code range of conversion by setting the c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1060,7 +1060,7 @@ Allows the users to restrict character code range of conversion by setting the c | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1086,7 +1086,7 @@ Allows the users to restrict character code range of conversion by setting the c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1109,7 +1109,7 @@ Allows the users to restrict character code range of conversion by setting the c | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1135,7 +1135,7 @@ Allows the users to restrict character code range of conversion by setting the c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1158,7 +1158,7 @@ Specifies the touch keyboard is always docked. When this policy is set to enable | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1185,7 +1185,7 @@ Specifies the touch keyboard is always docked. When this policy is set to enable | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1208,7 +1208,7 @@ Specifies whether the dictation input button is enabled or disabled for the touc | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1235,7 +1235,7 @@ Specifies whether the dictation input button is enabled or disabled for the touc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1258,7 +1258,7 @@ Specifies whether the emoji button is enabled or disabled for the touch keyboard | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1285,7 +1285,7 @@ Specifies whether the emoji button is enabled or disabled for the touch keyboard | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1308,7 +1308,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1335,7 +1335,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1358,7 +1358,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1385,7 +1385,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1408,7 +1408,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1435,7 +1435,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1458,7 +1458,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1485,7 +1485,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1508,7 +1508,7 @@ Specifies whether the wide keyboard mode is enabled or disabled for the touch ke | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 7a3dfd08c5..57634c16d2 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -4,7 +4,7 @@ description: Learn more about the TimeLanguageSettings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -29,7 +29,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -52,7 +52,7 @@ This policy is deprecated. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -78,7 +78,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -105,7 +105,7 @@ This policy setting controls whether the LPRemove task will run to clean up lang | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -145,7 +145,7 @@ This policy setting controls whether the LPRemove task will run to clean up lang | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -170,7 +170,7 @@ Specifies the time zone to be applied to the device. This is the standard Window | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -186,7 +186,7 @@ Specifies the time zone to be applied to the device. This is the standard Window | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -213,7 +213,7 @@ This policy setting controls which UI language is used for computers with more t | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -253,7 +253,7 @@ This policy setting controls which UI language is used for computers with more t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -280,7 +280,7 @@ This policy setting restricts the install of language packs and language feature | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index ddcdb2743d..4d38c6e260 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -4,7 +4,7 @@ description: Learn more about the Troubleshooting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -73,7 +73,7 @@ schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanne | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 64420bd95f..1b64f21d76 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -112,7 +112,7 @@ Update CSP policies are listed below based on the group policy area: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -135,7 +135,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -171,7 +171,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -194,7 +194,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -232,7 +232,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -255,7 +255,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -281,7 +281,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -310,7 +310,7 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -350,7 +350,7 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -377,7 +377,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 16 | @@ -420,7 +420,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -447,7 +447,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-365]` | | Default Value | 0 | @@ -479,7 +479,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -510,7 +510,7 @@ If you disable or do not configure this policy, Windows Update will not alter it | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 0 | @@ -542,7 +542,7 @@ If you disable or do not configure this policy, Windows Update will not alter it | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1490] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1110] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1110] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.546] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1490] and later
✅ Windows 10, version 1903 [10.0.18362.1110] and later
✅ Windows 10, version 1909 [10.0.18363.1110] and later
✅ Windows 10, version 2004 [10.0.19041.546] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -575,7 +575,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -601,7 +601,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -626,7 +626,7 @@ If you disable or do not configure this policy, Windows Update will include upda | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -666,7 +666,7 @@ If you disable or do not configure this policy, Windows Update will include upda | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -706,7 +706,7 @@ If you disable or do not configure this policy, Windows Update will not offer yo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 3 | @@ -747,7 +747,7 @@ If you disable or do not configure this policy, Windows Update will not offer yo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -776,7 +776,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -815,7 +815,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -838,7 +838,7 @@ Specifies the date and time when the IT admin wants to start pausing the Feature | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -868,7 +868,7 @@ Specifies the date and time when the IT admin wants to start pausing the Feature | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -901,7 +901,7 @@ If you disable or do not configure this policy, Windows Update will not alter it | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -940,7 +940,7 @@ If you disable or do not configure this policy, Windows Update will not alter it | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -965,7 +965,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -995,7 +995,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later
✅ Windows 10, version 2009 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1033,7 +1033,7 @@ Supported value type is a string containing a Windows product. For example, "Win | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1063,7 +1063,7 @@ Supported value type is a string containing a Windows product. For example, "Win | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134.1488] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.836] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1488] and later
✅ Windows 10, version 1809 [10.0.17763.1217] and later
✅ Windows 10, version 1903 [10.0.18362.836] and later
✅ Windows 10, version 1909 [10.0.18363.836] and later
✅ Windows 10, version 2004 [10.0.19041] and later | @@ -1095,7 +1095,7 @@ Supported value type is a string containing Windows version number. For example, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1127,7 +1127,7 @@ Supported value type is a string containing Windows version number. For example, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1153,7 +1153,7 @@ Specifies whether the device could use Microsoft Update, Windows Server Update S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1192,7 +1192,7 @@ Specifies whether the device could use Microsoft Update, Windows Server Update S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1232,7 +1232,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-22]` | | Default Value | 22 | @@ -1264,7 +1264,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240.18818] and later
:heavy_check_mark: Windows 10, version 1607 [10.0.14393.4169] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063.2108] and later
:heavy_check_mark: Windows 10, version 1709 [10.0.16299.2166] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1967] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.1697] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1316] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1316] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.746] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.746] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240.18818] and later
✅ Windows 10, version 1607 [10.0.14393.4169] and later
✅ Windows 10, version 1703 [10.0.15063.2108] and later
✅ Windows 10, version 1709 [10.0.16299.2166] and later
✅ Windows 10, version 1803 [10.0.17134.1967] and later
✅ Windows 10, version 1809 [10.0.17763.1697] and later
✅ Windows 10, version 1903 [10.0.18362.1316] and later
✅ Windows 10, version 1909 [10.0.18363.1316] and later
✅ Windows 10, version 2004 [10.0.19041.746] and later
✅ Windows 10, version 2009 [10.0.19042.746] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1288,7 +1288,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1328,7 +1328,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1354,7 +1354,7 @@ Allows Windows Update Agent to determine the download URL when it is missing fro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1394,7 +1394,7 @@ Allows Windows Update Agent to determine the download URL when it is missing fro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1424,7 +1424,7 @@ Configure this policy to specify whether to receive **Windows Driver Updates** f | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1463,7 +1463,7 @@ Configure this policy to specify whether to receive **Windows Driver Updates** f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1493,7 +1493,7 @@ Configure this policy to specify whether to receive **Windows Feature Updates** | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1532,7 +1532,7 @@ Configure this policy to specify whether to receive **Windows Feature Updates** | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1562,7 +1562,7 @@ Configure this policy to specify whether to receive **Other Updates** from Windo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1601,7 +1601,7 @@ Configure this policy to specify whether to receive **Other Updates** from Windo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1631,7 +1631,7 @@ Configure this policy to specify whether to receive **Windows Quality Updates** | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -1670,7 +1670,7 @@ Configure this policy to specify whether to receive **Windows Quality Updates** | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240.18696] and later
:heavy_check_mark: Windows 10, version 1607 [10.0.14393.3930] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063.2500] and later
:heavy_check_mark: Windows 10, version 1709 [10.0.16299.2107] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134.1726] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.1457] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1082] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1082] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.508] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240.18696] and later
✅ Windows 10, version 1607 [10.0.14393.3930] and later
✅ Windows 10, version 1703 [10.0.15063.2500] and later
✅ Windows 10, version 1709 [10.0.16299.2107] and later
✅ Windows 10, version 1803 [10.0.17134.1726] and later
✅ Windows 10, version 1809 [10.0.17763.1457] and later
✅ Windows 10, version 1903 [10.0.18362.1082] and later
✅ Windows 10, version 1909 [10.0.18363.1082] and later
✅ Windows 10, version 2004 [10.0.19041.508] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1698,7 +1698,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1738,7 +1738,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1765,7 +1765,7 @@ The following list shows the supported values: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | CorpWSUS | @@ -1813,7 +1813,7 @@ The following list shows the supported values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1839,7 +1839,7 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1871,7 +1871,7 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1906,7 +1906,7 @@ Note that the default max active hours range is 18 hours from the active hours s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-23]` | | Default Value | 17 | @@ -1938,7 +1938,7 @@ Note that the default max active hours range is 18 hours from the active hours s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1965,7 +1965,7 @@ If you disable or do not configure this policy, the default max active hours ran | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[8-18]` | | Default Value | 18 | @@ -1997,7 +1997,7 @@ If you disable or do not configure this policy, the default max active hours ran | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2032,7 +2032,7 @@ Note that the default max active hours range is 18 hours from the active hours s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-23]` | | Default Value | 8 | @@ -2064,7 +2064,7 @@ Note that the default max active hours range is 18 hours from the active hours s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2120,7 +2120,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -2164,7 +2164,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2190,7 +2190,7 @@ This policy is accessible through the Update setting in the user interface or Gr | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2230,7 +2230,7 @@ This policy is accessible through the Update setting in the user interface or Gr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2293,7 +2293,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2333,7 +2333,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1344] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621.1344] and later | @@ -2364,7 +2364,7 @@ Features introduced via servicing (outside of the annual feature update) are off | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2404,7 +2404,7 @@ Features introduced via servicing (outside of the annual feature update) are off | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2429,7 +2429,7 @@ Number of days before feature updates are installed on devices automatically reg | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 2 | @@ -2461,7 +2461,7 @@ Number of days before feature updates are installed on devices automatically reg | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2486,7 +2486,7 @@ Number of days before quality updates are installed on devices automatically reg | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 7 | @@ -2518,7 +2518,7 @@ Number of days before quality updates are installed on devices automatically reg | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2541,7 +2541,7 @@ Minimum number of days from update installation until restarts occur automatical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-7]` | | Default Value | 2 | @@ -2573,7 +2573,7 @@ Minimum number of days from update installation until restarts occur automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1852] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1474] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.906] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1852] and later
✅ Windows 10, version 1909 [10.0.18363.1474] and later
✅ Windows 10, version 2004 [10.0.19041.906] and later
✅ Windows 10, version 2009 [10.0.19042.906] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2596,7 +2596,7 @@ Minimum number of days from update installation until restarts occur automatical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-7]` | | Default Value | 7 | @@ -2628,7 +2628,7 @@ Minimum number of days from update installation until restarts occur automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -2651,7 +2651,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2691,7 +2691,7 @@ When enabled, devices will not automatically restart outside of active hours unt | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2714,7 +2714,7 @@ Enable enterprises/IT admin to configure feature update uninstall period. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-60]` | | Default Value | 10 | @@ -2732,7 +2732,7 @@ Enable enterprises/IT admin to configure feature update uninstall period. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2765,7 +2765,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2805,7 +2805,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2863,7 +2863,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -2909,7 +2909,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -2967,7 +2967,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -3007,7 +3007,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3074,7 +3074,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3114,7 +3114,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3181,7 +3181,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3221,7 +3221,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3288,7 +3288,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3328,7 +3328,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3395,7 +3395,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3435,7 +3435,7 @@ These policies are not exclusive and can be used in any combination. Together wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -3495,7 +3495,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-23]` | | Default Value | 3 | @@ -3527,7 +3527,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3552,7 +3552,7 @@ Once enabled user access to pause updates is removed. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3592,7 +3592,7 @@ Once enabled user access to pause updates is removed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3617,7 +3617,7 @@ If you enable this setting user access to Windows Update scan, download and inst | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3657,7 +3657,7 @@ If you enable this setting user access to Windows Update scan, download and inst | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3690,7 +3690,7 @@ These settings are designed for education devices that remain in carts overnight | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3730,7 +3730,7 @@ These settings are designed for education devices that remain in carts overnight | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3761,7 +3761,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -3804,7 +3804,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3836,7 +3836,7 @@ Enabling either of the following two policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-30]` | | Default Value | 7 | @@ -3868,7 +3868,7 @@ Enabling either of the following two policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -3900,7 +3900,7 @@ Enabling either of the following two policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-30]` | | Default Value | 7 | @@ -3932,7 +3932,7 @@ Enabling either of the following two policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -3959,7 +3959,7 @@ If you disable or do not configure this policy, the default period will be used. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 15 | @@ -4002,7 +4002,7 @@ If you disable or do not configure this policy, the default period will be used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4029,7 +4029,7 @@ If you disable or do not configure this policy, the default method will be used. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -4069,7 +4069,7 @@ If you disable or do not configure this policy, the default method will be used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4128,7 +4128,7 @@ Other/can't defer: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4]` | | Default Value | 0 | @@ -4156,7 +4156,7 @@ Other/can't defer: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4185,7 +4185,7 @@ Allows IT Admins to specify additional upgrade delays for up to 8 months. Suppor | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-8]` | | Default Value | 0 | @@ -4213,7 +4213,7 @@ Allows IT Admins to specify additional upgrade delays for up to 8 months. Suppor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4243,7 +4243,7 @@ If this policy is disabled or not configured, then the Windows Update client may | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4283,7 +4283,7 @@ If this policy is disabled or not configured, then the Windows Update client may | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4321,7 +4321,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-30]` | | Default Value | 14 | @@ -4353,7 +4353,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -4391,7 +4391,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[2-30]` | | Default Value | 14 | @@ -4423,7 +4423,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4461,7 +4461,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-3]` | | Default Value | 3 | @@ -4493,7 +4493,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -4531,7 +4531,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-3]` | | Default Value | 3 | @@ -4563,7 +4563,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4601,7 +4601,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 7 | @@ -4633,7 +4633,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -4671,7 +4671,7 @@ Enabling any of the following policies will override the above policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-30]` | | Default Value | 7 | @@ -4703,7 +4703,7 @@ Enabling any of the following policies will override the above policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4737,7 +4737,7 @@ To validate this policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4763,7 +4763,7 @@ To validate this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4797,7 +4797,7 @@ To validate this policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4823,7 +4823,7 @@ To validate this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4848,7 +4848,7 @@ To validate this policy: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4884,7 +4884,7 @@ To validate this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -4907,7 +4907,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4]` | | Default Value | 4 | @@ -4925,7 +4925,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -4950,7 +4950,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -4986,7 +4986,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -5011,7 +5011,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -5037,7 +5037,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5066,7 +5066,7 @@ If you disable or do not configure this policy, the default notification behavio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 15 | @@ -5107,7 +5107,7 @@ If you disable or do not configure this policy, the default notification behavio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5136,7 +5136,7 @@ If you disable or do not configure this policy, the default notification behavio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 4 | @@ -5179,7 +5179,7 @@ If you disable or do not configure this policy, the default notification behavio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -5206,7 +5206,7 @@ If you disable or do not configure this policy, the default notification behavio | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index f5abeb78ce..c6f35c8564 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -112,7 +112,7 @@ For example, the following syntax grants user rights to a specific user or group | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -135,7 +135,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -161,7 +161,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -184,7 +184,7 @@ This user right determines which users and groups are allowed to connect to the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -210,7 +210,7 @@ This user right determines which users and groups are allowed to connect to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -236,7 +236,7 @@ This user right allows a process to impersonate any user without authentication. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -262,7 +262,7 @@ This user right allows a process to impersonate any user without authentication. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -288,7 +288,7 @@ This user right determines which users can log on to the computer. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -314,7 +314,7 @@ This user right determines which users can log on to the computer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -340,7 +340,7 @@ This user right determines which users can bypass file, directory, registry, and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -366,7 +366,7 @@ This user right determines which users can bypass file, directory, registry, and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -389,7 +389,7 @@ This user right determines which users can traverse directory trees even though | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -415,7 +415,7 @@ This user right determines which users can traverse directory trees even though | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -447,7 +447,7 @@ This user right determines which users and groups can change the time and date o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -473,7 +473,7 @@ This user right determines which users and groups can change the time and date o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -496,7 +496,7 @@ This user right determines which users and groups can change the time zone used | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -522,7 +522,7 @@ This user right determines which users and groups can change the time zone used | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -548,7 +548,7 @@ This security setting determines whether users can create global objects that ar | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -574,7 +574,7 @@ This security setting determines whether users can create global objects that ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -597,7 +597,7 @@ This user right determines which users and groups can call an internal applicati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -623,7 +623,7 @@ This user right determines which users and groups can call an internal applicati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -646,7 +646,7 @@ This user right determines which accounts can be used by processes to create a d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -672,7 +672,7 @@ This user right determines which accounts can be used by processes to create a d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -701,7 +701,7 @@ This user right determines if the user can create a symbolic link from the compu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -727,7 +727,7 @@ This user right determines if the user can create a symbolic link from the compu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -753,7 +753,7 @@ This user right determines which accounts can be used by processes to create a t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -779,7 +779,7 @@ This user right determines which accounts can be used by processes to create a t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -805,7 +805,7 @@ This user right determines which users can attach a debugger to any process or t | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -831,7 +831,7 @@ This user right determines which users can attach a debugger to any process or t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -854,7 +854,7 @@ This user right determines which users are prevented from accessing a computer o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -880,7 +880,7 @@ This user right determines which users are prevented from accessing a computer o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -907,7 +907,7 @@ This security setting determines which service accounts are prevented from regis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -933,7 +933,7 @@ This security setting determines which service accounts are prevented from regis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -956,7 +956,7 @@ This security setting determines which accounts are prevented from being able to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -982,7 +982,7 @@ This security setting determines which accounts are prevented from being able to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1008,7 +1008,7 @@ Deny log on as a service -This security setting determines which service account | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1034,7 +1034,7 @@ Deny log on as a service -This security setting determines which service account | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1057,7 +1057,7 @@ This user right determines which users and groups are prohibited from logging on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1083,7 +1083,7 @@ This user right determines which users and groups are prohibited from logging on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1109,7 +1109,7 @@ This user right determines which users can set the Trusted for Delegation settin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1135,7 +1135,7 @@ This user right determines which users can set the Trusted for Delegation settin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1158,7 +1158,7 @@ This user right determines which accounts can be used by a process to add entrie | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1184,7 +1184,7 @@ This user right determines which accounts can be used by a process to add entrie | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1216,7 +1216,7 @@ Assigning this user right to a user allows programs running on behalf of that us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1242,7 +1242,7 @@ Assigning this user right to a user allows programs running on behalf of that us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1268,7 +1268,7 @@ Increase a process working set. This privilege determines which user accounts ca | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1294,7 +1294,7 @@ Increase a process working set. This privilege determines which user accounts ca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1322,7 +1322,7 @@ This user right determines which accounts can use a process with Write Property | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1348,7 +1348,7 @@ This user right determines which accounts can use a process with Write Property | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1374,7 +1374,7 @@ This user right determines which users can dynamically load and unload device dr | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1400,7 +1400,7 @@ This user right determines which users can dynamically load and unload device dr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1423,7 +1423,7 @@ This user right determines which accounts can use a process to keep data in phys | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1449,7 +1449,7 @@ This user right determines which accounts can use a process to keep data in phys | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1472,7 +1472,7 @@ This security setting allows a user to be logged on by means of a batch-queue fa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1498,7 +1498,7 @@ This security setting allows a user to be logged on by means of a batch-queue fa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1521,7 +1521,7 @@ This security setting allows a security principal to log on as a service. Servic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1547,7 +1547,7 @@ This security setting allows a security principal to log on as a service. Servic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1570,7 +1570,7 @@ This user right determines which users can specify object access auditing option | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1596,7 +1596,7 @@ This user right determines which users can specify object access auditing option | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1619,7 +1619,7 @@ This user right determines which users and groups can run maintenance tasks on a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1645,7 +1645,7 @@ This user right determines which users and groups can run maintenance tasks on a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1668,7 +1668,7 @@ This user right determines who can modify firmware environment values. Firmware | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1694,7 +1694,7 @@ This user right determines who can modify firmware environment values. Firmware | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1717,7 +1717,7 @@ This user right determines which user accounts can modify the integrity label of | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1743,7 +1743,7 @@ This user right determines which user accounts can modify the integrity label of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1766,7 +1766,7 @@ This user right determines which users can use performance monitoring tools to m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1792,7 +1792,7 @@ This user right determines which users can use performance monitoring tools to m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1815,7 +1815,7 @@ This security setting determines which users can use performance monitoring tool | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1841,7 +1841,7 @@ This security setting determines which users can use performance monitoring tool | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1864,7 +1864,7 @@ This user right determines which users are allowed to shut down a computer from | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1890,7 +1890,7 @@ This user right determines which users are allowed to shut down a computer from | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -1913,7 +1913,7 @@ This security setting determines which user accounts can call the CreateProcessA | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1939,7 +1939,7 @@ This security setting determines which user accounts can call the CreateProcessA | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1965,7 +1965,7 @@ This user right determines which users can bypass file, directory, registry, and | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -1991,7 +1991,7 @@ This user right determines which users can bypass file, directory, registry, and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -2014,7 +2014,7 @@ This security setting determines which users who are logged on locally to the co | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | @@ -2040,7 +2040,7 @@ This security setting determines which users who are logged on locally to the co | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -2066,7 +2066,7 @@ This user right determines which users can take ownership of any securable objec | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `0xF000`) | diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index c0ee21c83b..0c7bdc6147 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -4,7 +4,7 @@ description: Learn more about the VirtualizationBasedTechnology Area in Policy C author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -49,7 +49,7 @@ Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Int | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -90,7 +90,7 @@ Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Int | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -113,7 +113,7 @@ Require UEFI Memory Attributes Table. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index 6636dccdfb..8b1d4c3d0b 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -53,7 +53,7 @@ Automatically collect website or app content when additional analysis is needed | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -88,7 +88,7 @@ Automatically collect website or app content when additional analysis is needed | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -115,7 +115,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -155,7 +155,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -182,7 +182,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -222,7 +222,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -249,7 +249,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -289,7 +289,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -318,7 +318,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index ddbe42c056..58cdee589d 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -59,7 +59,7 @@ This policy setting determines whether users can enable the following WLAN setti | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -99,7 +99,7 @@ This policy setting determines whether users can enable the following WLAN setti | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -142,7 +142,7 @@ By default, ICS is disabled when you create a remote access connection, but admi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -182,7 +182,7 @@ By default, ICS is disabled when you create a remote access connection, but admi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -208,7 +208,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -234,7 +234,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | @@ -257,7 +257,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | @@ -284,7 +284,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | @@ -307,7 +307,7 @@ Allow or disallow the device to automatically request to enable Mirrored Stream | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -333,7 +333,7 @@ Allow or disallow the device to automatically request to enable Mirrored Stream | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -356,7 +356,7 @@ Allow or disallow WiFi connection. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -382,7 +382,7 @@ Allow or disallow WiFi connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -405,7 +405,7 @@ Allow WiFi Direct connection. . | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -431,7 +431,7 @@ Allow WiFi Direct connection. . | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -454,7 +454,7 @@ Allow an enterprise to control the WLAN scanning behavior and how aggressively d | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-500]` | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index 1780b6b35e..6836a98ead 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsAutopilot Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -49,7 +49,7 @@ Specifies whether to check for Windows Autopilot updates after enrollment. Most | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index fe7ad2b015..9200c24281 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -63,7 +63,7 @@ Manual connection attempts | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index fb3028ad8d..407393166b 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -58,7 +58,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -88,7 +88,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -120,7 +120,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -160,7 +160,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -192,7 +192,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -232,7 +232,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -264,7 +264,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -304,7 +304,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -336,7 +336,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -376,7 +376,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -410,7 +410,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -450,7 +450,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -482,7 +482,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -522,7 +522,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -554,7 +554,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -594,7 +594,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -626,7 +626,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -666,7 +666,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -698,7 +698,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -738,7 +738,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -770,7 +770,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -810,7 +810,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -842,7 +842,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -882,7 +882,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -914,7 +914,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -954,7 +954,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -988,7 +988,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1018,7 +1018,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1057,7 +1057,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1097,7 +1097,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1135,7 +1135,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1175,7 +1175,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1207,7 +1207,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1247,7 +1247,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1279,7 +1279,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1319,7 +1319,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1351,7 +1351,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1391,7 +1391,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1425,7 +1425,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -1465,7 +1465,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1499,7 +1499,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1529,7 +1529,7 @@ Same as Disabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1563,7 +1563,7 @@ Same as Disabled. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 3b22eda9a0..913ae9adfa 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsInkWorkspace Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -49,7 +49,7 @@ Allow suggested apps in Windows Ink Workspace. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -89,7 +89,7 @@ Allow suggested apps in Windows Ink Workspace. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -112,7 +112,7 @@ Allow Windows Ink Workspace. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 2 | diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index b6368f9893..f5b8e657ba 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -63,7 +63,7 @@ After enabling this policy, you can configure its settings through the ConfigAut | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -95,7 +95,7 @@ After enabling this policy, you can configure its settings through the ConfigAut | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -130,7 +130,7 @@ BitLocker is suspended during updates if: | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -161,7 +161,7 @@ BitLocker is suspended during updates if: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -188,7 +188,7 @@ This policy setting allows you to prevent app notifications from appearing on th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -220,7 +220,7 @@ This policy setting allows you to prevent app notifications from appearing on th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -247,7 +247,7 @@ This policy setting allows you to control whether anyone can interact with avail | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -305,7 +305,7 @@ Here's an example to enable this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | @@ -337,7 +337,7 @@ This policy setting allows you to control whether users see the first sign-in an | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -377,7 +377,7 @@ This policy setting allows you to control whether users see the first sign-in an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -404,7 +404,7 @@ This policy controls the configuration under which winlogon sends MPR notificati | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -436,7 +436,7 @@ This policy controls the configuration under which winlogon sends MPR notificati | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -463,7 +463,7 @@ This policy setting allows local users to be enumerated on domain-joined compute | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -495,7 +495,7 @@ This policy setting allows local users to be enumerated on domain-joined compute | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -524,7 +524,7 @@ The locations that Switch User interface appear are in the Logon UI, the Start m | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -564,7 +564,7 @@ The locations that Switch User interface appear are in the Logon UI, the Start m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | @@ -587,7 +587,7 @@ OverrideShellProgram policy allows IT admin to configure the shell program for W | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | | Dependency [BootToCloudModeDependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/CloudDesktop/BootToCloudMode`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index e8f69c71f2..43baed45d4 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -28,7 +28,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -66,7 +66,7 @@ starts or stops. Enabling Invocation Logging generates a high volume of event lo | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 9113c5049b..2aa8eeaf02 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -59,7 +59,7 @@ Note that there may be security implications of exposing host audio input to the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -91,7 +91,7 @@ Note that there may be security implications of exposing host audio input to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -122,7 +122,7 @@ This policy setting enables or disables clipboard sharing with the sandbox. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -154,7 +154,7 @@ This policy setting enables or disables clipboard sharing with the sandbox. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -187,7 +187,7 @@ Note that enabling networking can expose untrusted applications to the internal | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -219,7 +219,7 @@ Note that enabling networking can expose untrusted applications to the internal | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -250,7 +250,7 @@ This policy setting enables or disables printer sharing from the host into the S | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -282,7 +282,7 @@ This policy setting enables or disables printer sharing from the host into the S | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -315,7 +315,7 @@ Note that enabling virtualized GPU can potentially increase the attack surface o | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | @@ -347,7 +347,7 @@ Note that enabling virtualized GPU can potentially increase the attack surface o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -380,7 +380,7 @@ Note that there may be security implications of exposing host video input to the | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1]` | | Default Value | 1 | diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 2bfc6d28b5..7453986004 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -4,7 +4,7 @@ description: Learn more about the WirelessDisplay Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -49,7 +49,7 @@ This policy setting allows you to turn off the Wireless Display multicast DNS se | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -75,7 +75,7 @@ This policy setting allows you to turn off the Wireless Display multicast DNS se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -98,7 +98,7 @@ This policy setting allows you to turn off discovering the display service adver | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -124,7 +124,7 @@ This policy setting allows you to turn off discovering the display service adver | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -149,7 +149,7 @@ If you set it to 1, your PC will detect that you have moved and will automatical | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -175,7 +175,7 @@ If you set it to 1, your PC will detect that you have moved and will automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -200,7 +200,7 @@ If you set it to 1, your PC may receive the incoming projection as a TCP server. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -226,7 +226,7 @@ If you set it to 1, your PC may receive the incoming projection as a TCP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -251,7 +251,7 @@ If you set it to 1, your PC may start an outgoing projection as a TCP client. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -277,7 +277,7 @@ If you set it to 1, your PC may start an outgoing projection as a TCP client. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -302,7 +302,7 @@ If you set it to 1, your PC can discover and project to other devices. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -328,7 +328,7 @@ If you set it to 1, your PC can discover and project to other devices. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -353,7 +353,7 @@ If you set it to 1, your PC can discover and project to other devices over infra | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -379,7 +379,7 @@ If you set it to 1, your PC can discover and project to other devices over infra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -406,7 +406,7 @@ If you turn it off or don't configure it, your PC is discoverable and can be pro | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -446,7 +446,7 @@ If you turn it off or don't configure it, your PC is discoverable and can be pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -471,7 +471,7 @@ If you set it to 1, your PC can be discoverable and can be projected to over inf | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -497,7 +497,7 @@ If you set it to 1, your PC can be discoverable and can be projected to over inf | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -520,7 +520,7 @@ Setting this policy controls whether or not the wireless display can send input- | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -546,7 +546,7 @@ Setting this policy controls whether or not the wireless display can send input- | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -575,7 +575,7 @@ If you set this to 'Always', all pairings will require PIN. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md index 8a3d772e6f..5ab140e5fc 100644 --- a/windows/client-management/mdm/printerprovisioning-csp.md +++ b/windows/client-management/mdm/printerprovisioning-csp.md @@ -39,7 +39,7 @@ The following list shows the PrinterProvisioning configuration service provider | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -62,7 +62,7 @@ This setting will take the action on the specified user account to install or un | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -78,7 +78,7 @@ This setting will take the action on the specified user account to install or un | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -101,7 +101,7 @@ Identifies the Universal Print printer, by its Share ID, you wish to install on | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: PrinterSharedID from the Universal Print system, which is used to discover and install Univeral Print printer | @@ -118,7 +118,7 @@ Identifies the Universal Print printer, by its Share ID, you wish to install on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -141,7 +141,7 @@ Identifies the Universal Print printer, by its Printer ID, you wish to install o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -157,7 +157,7 @@ Identifies the Universal Print printer, by its Printer ID, you wish to install o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -180,7 +180,7 @@ HRESULT of the last installation returned code. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -196,7 +196,7 @@ HRESULT of the last installation returned code. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -219,7 +219,7 @@ Support async execute. Install Universal Print printer. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec, Get | @@ -235,7 +235,7 @@ Support async execute. Install Universal Print printer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -258,7 +258,7 @@ Identifies the Universal Print printer, by its Share Name, you wish to install o | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -274,7 +274,7 @@ Identifies the Universal Print printer, by its Share Name, you wish to install o | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1806] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1806] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044.1806] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later
✅ Windows 10, version 21H1 [10.0.19043.1806] and later
✅ Windows 10, version 21H2 [10.0.19044.1806] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -297,7 +297,7 @@ Identifies the Universal Print printer, by its Share Name, you wish to install o | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 32c31c0461..b2fdf60bb4 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Reboot CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,7 +38,7 @@ The following list shows the Reboot configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -61,7 +61,7 @@ This node executes a reboot of the device. RebootNow triggers a reboot within 5 | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec, Get | @@ -77,7 +77,7 @@ This node executes a reboot of the device. RebootNow triggers a reboot within 5 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -100,7 +100,7 @@ The supported operation is Get. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -116,7 +116,7 @@ The supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -139,7 +139,7 @@ Value in ISO8601, time is required. Either setting DailyRecurrent or WeeklyRecur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -155,7 +155,7 @@ Value in ISO8601, time is required. Either setting DailyRecurrent or WeeklyRecur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -178,7 +178,7 @@ Value in ISO8601, both the date and time are required. A reboot will be schedule | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -194,7 +194,7 @@ Value in ISO8601, both the date and time are required. A reboot will be schedule | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -217,7 +217,7 @@ Value in ISO8601, time is required. Either setting DailyRecurrent or WeeklyRecur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 89cac77fc9..fb31d8961d 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteWipe CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -44,7 +44,7 @@ The following list shows the RemoteWipe configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -67,7 +67,7 @@ Node for the Autopilot Reset operation. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -83,7 +83,7 @@ Node for the Autopilot Reset operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -106,7 +106,7 @@ Exec on this node triggers Autopilot Reset operation. This works like PC Reset, | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -122,7 +122,7 @@ Exec on this node triggers Autopilot Reset operation. This works like PC Reset, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -145,7 +145,7 @@ Error value, if any, associated with Automatic Redeployment operation (typically | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -162,7 +162,7 @@ Error value, if any, associated with Automatic Redeployment operation (typically | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -185,7 +185,7 @@ Status value indicating current state of an Automatic Redeployment operation. 0: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | | Default Value | 0 | @@ -202,7 +202,7 @@ Status value indicating current state of an Automatic Redeployment operation. 0: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -226,7 +226,7 @@ A remote reset is equivalent to running **Reset this PC** > **Remove everything* | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -242,7 +242,7 @@ A remote reset is equivalent to running **Reset this PC** > **Remove everything* | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -265,7 +265,7 @@ Exec on this node will perform a cloud-based remote wipe on the device. The retu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -281,7 +281,7 @@ Exec on this node will perform a cloud-based remote wipe on the device. The retu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -304,7 +304,7 @@ Exec on this node will back up provisioning data to a persistent location and pe | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -320,7 +320,7 @@ Exec on this node will back up provisioning data to a persistent location and pe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -343,7 +343,7 @@ Exec on this node will perform a cloud-based remote reset on the device and pers | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -359,7 +359,7 @@ Exec on this node will perform a cloud-based remote reset on the device and pers | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -383,7 +383,7 @@ Provisioning packages are persisted in `%SystemDrive%\ProgramData\Microsoft\Prov | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -399,7 +399,7 @@ Provisioning packages are persisted in `%SystemDrive%\ProgramData\Microsoft\Prov | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -423,7 +423,7 @@ Exec on this node will perform a remote reset on the device and persist user acc | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -439,7 +439,7 @@ Exec on this node will perform a remote reset on the device and persist user acc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -464,7 +464,7 @@ Exec on this node will perform a remote wipe on the device and fully clean the i | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 9da01ea478..437dc7ac26 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -4,7 +4,7 @@ description: Learn more about the RootCATrustedCertificates CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -125,7 +125,7 @@ The following list shows the RootCATrustedCertificates configuration service pro | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -148,7 +148,7 @@ Node for CA certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -164,7 +164,7 @@ Node for CA certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -187,7 +187,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -204,7 +204,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -227,7 +227,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -243,7 +243,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -266,7 +266,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -282,7 +282,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -305,7 +305,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -321,7 +321,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -344,7 +344,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -360,7 +360,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -383,7 +383,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -399,7 +399,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -422,7 +422,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -438,7 +438,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -461,7 +461,7 @@ Node for OEM eSIM certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -477,7 +477,7 @@ Node for OEM eSIM certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -500,7 +500,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -517,7 +517,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -540,7 +540,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -556,7 +556,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -579,7 +579,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -595,7 +595,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -618,7 +618,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -634,7 +634,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -657,7 +657,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -673,7 +673,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -696,7 +696,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -712,7 +712,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -735,7 +735,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -751,7 +751,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -774,7 +774,7 @@ Defines the certificate store that contains root, or self-signed certificates, i | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -790,7 +790,7 @@ Defines the certificate store that contains root, or self-signed certificates, i | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -813,7 +813,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | @@ -829,7 +829,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -852,7 +852,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -869,7 +869,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -892,7 +892,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -908,7 +908,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -931,7 +931,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -947,7 +947,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -970,7 +970,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -986,7 +986,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1009,7 +1009,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1025,7 +1025,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1048,7 +1048,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1064,7 +1064,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1087,7 +1087,7 @@ Node for trusted people certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1103,7 +1103,7 @@ Node for trusted people certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1126,7 +1126,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -1143,7 +1143,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1166,7 +1166,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -1182,7 +1182,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1205,7 +1205,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1221,7 +1221,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1244,7 +1244,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1260,7 +1260,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1283,7 +1283,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1299,7 +1299,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1322,7 +1322,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1338,7 +1338,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1361,7 +1361,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1377,7 +1377,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1400,7 +1400,7 @@ Node for trusted publisher certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1416,7 +1416,7 @@ Node for trusted publisher certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1439,7 +1439,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -1456,7 +1456,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1479,7 +1479,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -1495,7 +1495,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1518,7 +1518,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1534,7 +1534,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1557,7 +1557,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1573,7 +1573,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1596,7 +1596,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1612,7 +1612,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1635,7 +1635,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1651,7 +1651,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1674,7 +1674,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1690,7 +1690,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1713,7 +1713,7 @@ Node for certificates that are not trusted. IT admin can use this node to immedi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1729,7 +1729,7 @@ Node for certificates that are not trusted. IT admin can use this node to immedi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1752,7 +1752,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -1769,7 +1769,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1792,7 +1792,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -1808,7 +1808,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1831,7 +1831,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1847,7 +1847,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1870,7 +1870,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1886,7 +1886,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1909,7 +1909,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1925,7 +1925,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1948,7 +1948,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1964,7 +1964,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -1987,7 +1987,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2003,7 +2003,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2026,7 +2026,7 @@ Node for CA certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2042,7 +2042,7 @@ Node for CA certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2065,7 +2065,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -2082,7 +2082,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2105,7 +2105,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -2121,7 +2121,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2144,7 +2144,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2160,7 +2160,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2183,7 +2183,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2199,7 +2199,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2222,7 +2222,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2238,7 +2238,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2261,7 +2261,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2277,7 +2277,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2300,7 +2300,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2316,7 +2316,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2339,7 +2339,7 @@ Node for OEM eSIM certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2355,7 +2355,7 @@ Node for OEM eSIM certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2378,7 +2378,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -2395,7 +2395,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2418,7 +2418,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -2434,7 +2434,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2457,7 +2457,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2473,7 +2473,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2496,7 +2496,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2512,7 +2512,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2535,7 +2535,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2551,7 +2551,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2574,7 +2574,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2590,7 +2590,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -2613,7 +2613,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2629,7 +2629,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2652,7 +2652,7 @@ Node for trusted people certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2668,7 +2668,7 @@ Node for trusted people certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2691,7 +2691,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -2708,7 +2708,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2731,7 +2731,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -2747,7 +2747,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2770,7 +2770,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2786,7 +2786,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2809,7 +2809,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2825,7 +2825,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2848,7 +2848,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2864,7 +2864,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2887,7 +2887,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2903,7 +2903,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2926,7 +2926,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -2942,7 +2942,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2965,7 +2965,7 @@ Node for trusted publisher certificates. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2981,7 +2981,7 @@ Node for trusted publisher certificates. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3004,7 +3004,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -3021,7 +3021,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3044,7 +3044,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -3060,7 +3060,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3083,7 +3083,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3099,7 +3099,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3122,7 +3122,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3138,7 +3138,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3161,7 +3161,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3177,7 +3177,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3200,7 +3200,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3216,7 +3216,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3239,7 +3239,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3255,7 +3255,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3278,7 +3278,7 @@ Node for certificates that are not trusted. IT admin can use this node to immedi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3294,7 +3294,7 @@ Node for certificates that are not trusted. IT admin can use this node to immedi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3317,7 +3317,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Delete, Get | | Dynamic Node Naming | UniqueName: Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. | @@ -3334,7 +3334,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3357,7 +3357,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Add, Get, Replace | @@ -3373,7 +3373,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3396,7 +3396,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3412,7 +3412,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3435,7 +3435,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3451,7 +3451,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3474,7 +3474,7 @@ Returns the certificate template name. Supported operation is Get. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3490,7 +3490,7 @@ Returns the certificate template name. Supported operation is Get. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3513,7 +3513,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -3529,7 +3529,7 @@ Returns the starting date of the certificate's validity. Supported operation is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -3552,7 +3552,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index b899a7c5ee..2fe0cc255c 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -4,7 +4,7 @@ description: Learn more about the SharedPC CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -51,7 +51,7 @@ The following list shows the SharedPC configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -74,7 +74,7 @@ Configures which type of accounts are allowed to use the PC. Allowed values: 0 ( | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -101,7 +101,7 @@ Configures which type of accounts are allowed to use the PC. Allowed values: 0 ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -124,7 +124,7 @@ Configures when accounts will be deleted. Allowed values: 0 (delete immediately) | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -151,7 +151,7 @@ Configures when accounts will be deleted. Allowed values: 0 (delete immediately) | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -174,7 +174,7 @@ Stop deleting accounts when available disk space reaches this threshold, given a | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 50 | @@ -192,7 +192,7 @@ Stop deleting accounts when available disk space reaches this threshold, given a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -216,7 +216,7 @@ For example, if the DiskLevelCaching is set to 50 and the DiskLevelDeletion is s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 25 | @@ -234,7 +234,7 @@ For example, if the DiskLevelCaching is set to 50 and the DiskLevelDeletion is s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -257,7 +257,7 @@ Enable the account manager for shared PC mode. If used, this value must be set b | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -283,7 +283,7 @@ Enable the account manager for shared PC mode. If used, this value must be set b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -306,7 +306,7 @@ Setting this node to "true" triggers the action to configure a device to Shared | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -332,7 +332,7 @@ Setting this node to "true" triggers the action to configure a device to Shared | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -355,7 +355,7 @@ Setting this node to "1" triggers the action to configure a device to Shared PC | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -381,7 +381,7 @@ Setting this node to "1" triggers the action to configure a device to Shared PC | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -404,7 +404,7 @@ Setting this node to "1" enables Windows Insider Preview flighting and the abili | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -430,7 +430,7 @@ Setting this node to "1" enables Windows Insider Preview flighting and the abili | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -453,7 +453,7 @@ Accounts will start being deleted when they have not been logged on during the s | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 30 | @@ -471,7 +471,7 @@ Accounts will start being deleted when they have not been logged on during the s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -494,7 +494,7 @@ Specifies the AUMID of the app to use with assigned access. If used, this value | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -510,7 +510,7 @@ Specifies the AUMID of the app to use with assigned access. If used, this value | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -533,7 +533,7 @@ Specifies the display text for the account shown on the sign-in screen which lau | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -549,7 +549,7 @@ Specifies the display text for the account shown on the sign-in screen which lau | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -572,7 +572,7 @@ Daily start time of maintenance hour. Given in minutes from midnight. Default is | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-1440]` | | Default Value | 0 | @@ -590,7 +590,7 @@ Daily start time of maintenance hour. Given in minutes from midnight. Default is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -613,7 +613,7 @@ Maximum size of the paging file in MB. Applies only to systems with less than 32 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-32768]` | | Default Value | 1024 | @@ -631,7 +631,7 @@ Maximum size of the paging file in MB. Applies only to systems with less than 32 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -654,7 +654,7 @@ Restricts the user from using local storage. This node is optional. If used, thi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -680,7 +680,7 @@ Restricts the user from using local storage. This node is optional. If used, thi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -704,7 +704,7 @@ A boolean value that specifies whether the policies for education environment ar | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -730,7 +730,7 @@ A boolean value that specifies whether the policies for education environment ar | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -754,7 +754,7 @@ The default value is Not Configured and the effective power settings are determi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -780,7 +780,7 @@ The default value is Not Configured and the effective power settings are determi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -803,7 +803,7 @@ Require signing in on waking up from sleep. If used, this value must be set befo | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -829,7 +829,7 @@ Require signing in on waking up from sleep. If used, this value must be set befo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -852,7 +852,7 @@ The amount of time before the PC sleeps, giving in seconds. 0 means the PC never | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | | Default Value | 300 | diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 7abf6ccc77..2ff3f418bf 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -89,7 +89,7 @@ The following list shows the SUPL configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -112,7 +112,7 @@ Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -128,7 +128,7 @@ Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -154,7 +154,7 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -170,7 +170,7 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -193,7 +193,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -209,7 +209,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -231,7 +231,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -247,7 +247,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -269,7 +269,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -285,7 +285,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -308,7 +308,7 @@ Optional. Determines the full version (X. Y. Z where X, Y and Z are major versio | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | | Allowed Values | Regular Expression: `^(\d+\.)?(\d+\.)?(\*|\d+)$` | | Default Value | 1.0.0 | @@ -326,7 +326,7 @@ Optional. Determines the full version (X. Y. Z where X, Y and Z are major versio | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -351,7 +351,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -381,7 +381,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -423,7 +423,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -449,7 +449,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -475,7 +475,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -491,7 +491,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -514,7 +514,7 @@ Optional. Time in seconds that the network-initiated location request is display | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 30 | @@ -531,7 +531,7 @@ Optional. Time in seconds that the network-initiated location request is display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -554,7 +554,7 @@ Required. Specifies the root certificate for the H-SLP server. Windows does not | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -570,7 +570,7 @@ Required. Specifies the root certificate for the H-SLP server. Windows does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -593,7 +593,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -609,7 +609,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -632,7 +632,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -648,7 +648,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -671,7 +671,7 @@ Specifies the root certificate for the H-SLP server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -687,7 +687,7 @@ Specifies the root certificate for the H-SLP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -710,7 +710,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -726,7 +726,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -749,7 +749,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -765,7 +765,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -788,7 +788,7 @@ Specifies the root certificate for the H-SLP server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -804,7 +804,7 @@ Specifies the root certificate for the H-SLP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -827,7 +827,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -843,7 +843,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -866,7 +866,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -882,7 +882,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -905,7 +905,7 @@ Specifies the root certificate for the H-SLP server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -921,7 +921,7 @@ Specifies the root certificate for the H-SLP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -944,7 +944,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -960,7 +960,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -983,7 +983,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -999,7 +999,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1022,7 +1022,7 @@ Specifies the root certificate for the H-SLP server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1038,7 +1038,7 @@ Specifies the root certificate for the H-SLP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1061,7 +1061,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -1077,7 +1077,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1100,7 +1100,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1116,7 +1116,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1139,7 +1139,7 @@ Specifies the root certificate for the H-SLP server. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1155,7 +1155,7 @@ Specifies the root certificate for the H-SLP server. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1178,7 +1178,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Property name | Property value | |:--|:--| -| Format | b64 | +| Format | `b64` | | Access Type | Get, Replace | @@ -1194,7 +1194,7 @@ The base 64 encoded blob of the H-SLP root certificate. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -1217,7 +1217,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1233,7 +1233,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1256,7 +1256,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 60 | @@ -1273,7 +1273,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1296,7 +1296,7 @@ Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[1-2]` | | Default Value | 1 | @@ -1314,7 +1314,7 @@ Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1337,7 +1337,7 @@ Required for V2 UPL for CDMA. Specifies the account settings for user plane loca | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1353,7 +1353,7 @@ Required for V2 UPL for CDMA. Specifies the account settings for user plane loca | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1376,7 +1376,7 @@ Required. This value must always be set to 00000011. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1392,7 +1392,7 @@ Required. This value must always be set to 00000011. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1415,7 +1415,7 @@ Optional. Boolean. Specifies whether the location toggle on the location screen | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -1441,7 +1441,7 @@ Optional. Boolean. Specifies whether the location toggle on the location screen | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1464,7 +1464,7 @@ Optional. The address of the mobile positioning center (MPC), in the format ipAd | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1480,7 +1480,7 @@ Optional. The address of the mobile positioning center (MPC), in the format ipAd | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1503,7 +1503,7 @@ Optional. Time in seconds that the network-initiated location request is display | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 30 | @@ -1520,7 +1520,7 @@ Optional. Time in seconds that the network-initiated location request is display | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1543,7 +1543,7 @@ Optional. The address of the Position Determination Entity (PDE), in the format | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1559,7 +1559,7 @@ Optional. The address of the Position Determination Entity (PDE), in the format | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1582,7 +1582,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -1611,7 +1611,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -1634,7 +1634,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 60 | diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 0f7ea67116..354095bc43 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -94,7 +94,7 @@ The following list shows the SurfaceHub configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -119,7 +119,7 @@ Node for setting device account information. A device account is a Microsoft Exc | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Case Sensitive | True | @@ -185,7 +185,7 @@ Node for setting device account information. A device account is a Microsoft Exc | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -208,7 +208,7 @@ Specifies whether calendar sync and other Exchange server services is enabled. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -233,7 +233,7 @@ Specifies whether calendar sync and other Exchange server services is enabled. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -256,7 +256,7 @@ Domain of the device account when you are using Active Directory. To use a devic | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -272,7 +272,7 @@ Domain of the device account when you are using Active Directory. To use a devic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -295,7 +295,7 @@ Email address of the device account. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -311,7 +311,7 @@ Email address of the device account. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -344,7 +344,7 @@ Possible error values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -360,7 +360,7 @@ Possible error values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.789] and later
:heavy_check_mark: Windows Insider Preview [99.9.9999] | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.789] and later
✅ Windows 10, version 2009 [10.0.19042.789] and later
✅ Windows Insider Preview [99.9.9999] | @@ -383,7 +383,7 @@ Specifies whether Device Account calendar sync will attempt to use token-based M | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | True | @@ -409,7 +409,7 @@ Specifies whether Device Account calendar sync will attempt to use token-based M | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -432,7 +432,7 @@ Exchange server of the device account. Normally, the device will try to auto-dis | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -448,7 +448,7 @@ Exchange server of the device account. Normally, the device will try to auto-dis | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -471,7 +471,7 @@ Password for the device account. Get is allowed here, but will always return a b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -487,7 +487,7 @@ Password for the device account. Get is allowed here, but will always return a b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -510,7 +510,7 @@ Specifies whether automatic password rotation is enabled. If you enforce a passw | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -535,7 +535,7 @@ Specifies whether automatic password rotation is enabled. If you enforce a passw | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -558,7 +558,7 @@ Session Initiation Protocol (SIP) address of the device account. Normally, the d | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -574,7 +574,7 @@ Session Initiation Protocol (SIP) address of the device account. Normally, the d | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -597,7 +597,7 @@ Username of the device account when you are using Active Directory. To use a dev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -613,7 +613,7 @@ Username of the device account when you are using Active Directory. To use a dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -636,7 +636,7 @@ User principal name (UPN) of the device account. To use a device account from Az | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -652,7 +652,7 @@ User principal name (UPN) of the device account. To use a device account from Az | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -675,7 +675,7 @@ This method validates the data provided and then commits the changes. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -691,7 +691,7 @@ This method validates the data provided and then commits the changes. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.64] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later
✅ Windows 10, version 1803 [10.0.17134] and later | @@ -714,7 +714,7 @@ Parent node. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -730,7 +730,7 @@ Parent node. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.64] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later
✅ Windows 10, version 1803 [10.0.17134] and later | @@ -753,7 +753,7 @@ Used to specify credentials to authenticate device to the network. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -769,7 +769,7 @@ Used to specify credentials to authenticate device to the network. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299.64] and later
:heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later
✅ Windows 10, version 1803 [10.0.17134] and later | @@ -792,7 +792,7 @@ Used to specify credentials to authenticate device to the network. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -808,7 +808,7 @@ Used to specify credentials to authenticate device to the network. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -831,7 +831,7 @@ Node for the in-box app settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -847,7 +847,7 @@ Node for the in-box app settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -870,7 +870,7 @@ Node for the Connect app. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -886,7 +886,7 @@ Node for the Connect app. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -909,7 +909,7 @@ Specifies whether to automatically launch the Connect app whenever a projection | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -934,7 +934,7 @@ Specifies whether to automatically launch the Connect app whenever a projection | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -957,7 +957,7 @@ Node for the Skype for Business settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -973,7 +973,7 @@ Node for the Skype for Business settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -996,7 +996,7 @@ Specifies the domain of the Skype for Business account when you are using Active | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1012,7 +1012,7 @@ Specifies the domain of the Skype for Business account when you are using Active | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.450] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.450] and later
✅ Windows 10, version 2009 [10.0.19042] and later | @@ -1035,7 +1035,7 @@ This node controls policies specific to the Teams App on Surface Hub. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1051,7 +1051,7 @@ This node controls policies specific to the Teams App on Surface Hub. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.450] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.450] and later
✅ Windows 10, version 2009 [10.0.19042] and later | @@ -1074,7 +1074,7 @@ String to contain Teams policy configs. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1090,7 +1090,7 @@ String to contain Teams policy configs. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1113,7 +1113,7 @@ Node for the welcome screen. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1129,7 +1129,7 @@ Node for the welcome screen. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1152,7 +1152,7 @@ Setting for the screen to wake up and stay on with sensor activity. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1177,7 +1177,7 @@ Setting for the screen to wake up and stay on with sensor activity. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1200,7 +1200,7 @@ Background image for the welcome screen. To set this, specify an https URL to a | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1216,7 +1216,7 @@ Background image for the welcome screen. To set this, specify an https URL to a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1239,7 +1239,7 @@ Meeting information displayed on the welcome screen. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -1264,7 +1264,7 @@ Meeting information displayed on the welcome screen. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362.449] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1287,7 +1287,7 @@ This node controls policies specific to the Whiteboard App on Surface Hub. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1303,7 +1303,7 @@ This node controls policies specific to the Whiteboard App on Surface Hub. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362.449] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1326,7 +1326,7 @@ When enabled, prevents a user from initiating a collaborative session on the dev | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1351,7 +1351,7 @@ When enabled, prevents a user from initiating a collaborative session on the dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362.449] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1374,7 +1374,7 @@ When enabled, prevents a user from Signing into Whiteboard on the device. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -1400,7 +1400,7 @@ When enabled, prevents a user from Signing into Whiteboard on the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362.449] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later
✅ Windows 10, version 1909 [10.0.18363] and later | @@ -1423,7 +1423,7 @@ When enabled, prevents Whiteboard from sending telemetry from the device. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | False | @@ -1449,7 +1449,7 @@ When enabled, prevents Whiteboard from sending telemetry from the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1472,7 +1472,7 @@ Node for the wireless projector app settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1488,7 +1488,7 @@ Node for the wireless projector app settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1518,7 +1518,7 @@ Outside of regulatory concerns, if the channel is configured incorrectly, the dr | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 255 | @@ -1535,7 +1535,7 @@ Outside of regulatory concerns, if the channel is configured incorrectly, the dr | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1558,7 +1558,7 @@ Enables wireless projection to the device. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1583,7 +1583,7 @@ Enables wireless projection to the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1606,7 +1606,7 @@ Users must enter a PIN to wirelessly project to the device. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | @@ -1631,7 +1631,7 @@ Users must enter a PIN to wirelessly project to the device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1654,7 +1654,7 @@ Node for maintenance schedule. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1670,7 +1670,7 @@ Node for maintenance schedule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1693,7 +1693,7 @@ Node for maintenance schedule. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1709,7 +1709,7 @@ Node for maintenance schedule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1732,7 +1732,7 @@ Specifies the duration of maintenance window in minutes. For example, to set a 3 | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-1439]` | @@ -1749,7 +1749,7 @@ Specifies the duration of maintenance window in minutes. For example, to set a 3 | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1772,7 +1772,7 @@ Specifies the start time for maintenance hours in minutes from midnight. For exa | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-1439]` | @@ -1789,7 +1789,7 @@ Specifies the start time for maintenance hours in minutes from midnight. For exa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393.969] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later
✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1812,7 +1812,7 @@ Not a supported scenario. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1828,7 +1828,7 @@ Not a supported scenario. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393.969] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later
✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1851,7 +1851,7 @@ The name of the domain admin group to add to the administrators group on the dev | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1867,7 +1867,7 @@ The name of the domain admin group to add to the administrators group on the dev | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393.969] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later
✅ Windows 10, version 1703 [10.0.15063] and later | @@ -1890,7 +1890,7 @@ The sid of the domain admin group to add to the administrators group on the devi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1906,7 +1906,7 @@ The sid of the domain admin group to add to the administrators group on the devi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1929,7 +1929,7 @@ Node for the Microsoft Operations Management Suite. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1945,7 +1945,7 @@ Node for the Microsoft Operations Management Suite. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1968,7 +1968,7 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -1984,7 +1984,7 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2007,7 +2007,7 @@ Primary key for authenticating with workspace. Will always return an empty strin | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -2023,7 +2023,7 @@ Primary key for authenticating with workspace. Will always return an empty strin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2046,7 +2046,7 @@ Node for the device properties. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2062,7 +2062,7 @@ Node for the device properties. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2085,7 +2085,7 @@ Specifies whether to use the device account for proxy authentication. If this se | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -2111,7 +2111,7 @@ Specifies whether to use the device account for proxy authentication. If this se | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2134,7 +2134,7 @@ Specifies whether to allow the ability to resume a session when the session time | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | true | @@ -2160,7 +2160,7 @@ Specifies whether to allow the ability to resume a session when the session time | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2183,7 +2183,7 @@ Specifies the default volume value for a new session. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Allowed Values | Range: `[0-100]` | | Default Value | 45 | @@ -2201,7 +2201,7 @@ Specifies the default volume value for a new session. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2224,7 +2224,7 @@ Specifies whether to disable auto-populating of the sign-in dialog with invitees | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -2250,7 +2250,7 @@ Specifies whether to disable auto-populating of the sign-in dialog with invitees | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2273,7 +2273,7 @@ Specifies whether to disable the "My meetings and files" feature in the Start me | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Get, Replace | | Default Value | false | @@ -2299,7 +2299,7 @@ Specifies whether to disable the "My meetings and files" feature in the Start me | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2322,7 +2322,7 @@ Friendly name of the device. Specifies the name that users see when they want to | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get, Replace | @@ -2338,7 +2338,7 @@ Friendly name of the device. Specifies the name that users see when they want to | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2362,7 +2362,7 @@ Specifies hostnames of proxy servers to automatically provide device account cre | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Delete, Get, Replace | @@ -2378,7 +2378,7 @@ Specifies hostnames of proxy servers to automatically provide device account cre | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2401,7 +2401,7 @@ Specifies the number of minutes until the Hub screen turns off. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 5 | @@ -2436,7 +2436,7 @@ Specifies the number of minutes until the Hub screen turns off. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2459,7 +2459,7 @@ Specifies the number of minutes until the session times out. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 1 | @@ -2494,7 +2494,7 @@ Specifies the number of minutes until the session times out. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2517,7 +2517,7 @@ Specifies the type of sleep mode for the Surface Hub. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -2543,7 +2543,7 @@ Specifies the type of sleep mode for the Surface Hub. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2566,7 +2566,7 @@ Specifies the number of minutes until the Hub enters sleep mode. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 5 | @@ -2601,7 +2601,7 @@ Specifies the number of minutes until the Hub enters sleep mode. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393.969] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later
✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2624,7 +2624,7 @@ Teams mode. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Delete, Get, Replace | | Allowed Values | Range: `[0-2]` | | Default Value | 0 | @@ -2642,7 +2642,7 @@ Teams mode. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393.969] and later
:heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later
✅ Windows 10, version 1703 [10.0.15063] and later | @@ -2665,7 +2665,7 @@ App name. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Delete, Get, Replace | diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index dadf9c0cbd..c22d60eab5 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -250,7 +250,7 @@ The following list shows the VPNv2 configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -273,7 +273,7 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -292,7 +292,7 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -315,7 +315,7 @@ An optional flag to enable Always On mode. This will automatically connect the V | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -341,7 +341,7 @@ An optional flag to enable Always On mode. This will automatically connect the V | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -364,7 +364,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -390,7 +390,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -413,7 +413,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -429,7 +429,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -452,7 +452,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -468,7 +468,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -491,7 +491,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -507,7 +507,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -530,7 +530,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -546,7 +546,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -569,7 +569,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -585,7 +585,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -608,7 +608,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -624,7 +624,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -647,7 +647,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -663,7 +663,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -686,7 +686,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -702,7 +702,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -725,7 +725,7 @@ A sequential integer identifier which allows the ability to specify multiple app | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. | @@ -742,7 +742,7 @@ A sequential integer identifier which allows the ability to specify multiple app | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -765,7 +765,7 @@ App Node under the Row Id. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -781,7 +781,7 @@ App Node under the Row Id. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -804,7 +804,7 @@ App Identity. Specified, based on the Type Field. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -820,7 +820,7 @@ App Identity. Specified, based on the Type Field. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -843,7 +843,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -859,7 +859,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -885,7 +885,7 @@ Optional. When this setting is True, requests to local resources that are availa | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -901,7 +901,7 @@ Optional. When this setting is True, requests to local resources that are availa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -924,7 +924,7 @@ Determines the level of data encryption required for the connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Require | @@ -952,7 +952,7 @@ Determines the level of data encryption required for the connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -975,7 +975,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -991,7 +991,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1014,7 +1014,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -1039,7 +1039,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1062,7 +1062,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -1078,7 +1078,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1101,7 +1101,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1117,7 +1117,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1140,7 +1140,7 @@ If this field is set to True the VPN Client will look for a separate certificate | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -1165,7 +1165,7 @@ If this field is set to True the VPN Client will look for a separate certificate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1188,7 +1188,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1204,7 +1204,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1231,7 +1231,7 @@ A device tunnel profile must be deleted before another device tunnel profile can | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -1257,7 +1257,7 @@ A device tunnel profile must be deleted before another device tunnel profile can | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1280,7 +1280,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -1305,7 +1305,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1328,7 +1328,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -1353,7 +1353,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1376,7 +1376,7 @@ Set to disable IKEv2 Fragmentation. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -1402,7 +1402,7 @@ Set to disable IKEv2 Fragmentation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1425,7 +1425,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1441,7 +1441,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1466,7 +1466,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1482,7 +1482,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1505,7 +1505,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the Domain Name information. Sequencing must start at 0. | @@ -1522,7 +1522,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1545,7 +1545,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -1571,7 +1571,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1594,7 +1594,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1610,7 +1610,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1633,7 +1633,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1649,7 +1649,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1672,7 +1672,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1688,7 +1688,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1711,7 +1711,7 @@ A boolean value that specifies if the rule being added should persist even when | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -1737,7 +1737,7 @@ A boolean value that specifies if the rule being added should persist even when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1760,7 +1760,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1776,7 +1776,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1799,7 +1799,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -1815,7 +1815,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1838,7 +1838,7 @@ The metric for the IPv4 interface. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-9999]` | @@ -1855,7 +1855,7 @@ The metric for the IPv4 interface. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -1878,7 +1878,7 @@ The metric for the IPv6 interface. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-9999]` | @@ -1895,7 +1895,7 @@ The metric for the IPv6 interface. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1918,7 +1918,7 @@ Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol ( | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -1934,7 +1934,7 @@ Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol ( | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1957,7 +1957,7 @@ Required node for native profile. It contains authentication information for the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -1973,7 +1973,7 @@ Required node for native profile. It contains authentication information for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1996,7 +1996,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2012,7 +2012,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2035,7 +2035,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2051,7 +2051,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2074,7 +2074,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2090,7 +2090,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2113,7 +2113,7 @@ Required when the native profile specifies EAP authentication. EAP configuration | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2129,7 +2129,7 @@ Required when the native profile specifies EAP authentication. EAP configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2152,7 +2152,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2168,7 +2168,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2194,7 +2194,7 @@ Required node for EAP profiles. This specifies the EAP Type ID | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -2210,7 +2210,7 @@ Required node for EAP profiles. This specifies the EAP Type ID | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2233,7 +2233,7 @@ This is only supported in IKEv2. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2257,7 +2257,7 @@ This is only supported in IKEv2. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2280,7 +2280,7 @@ Type of user authentication. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2305,7 +2305,7 @@ Type of user authentication. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2328,7 +2328,7 @@ Properties of IPSec tunnels. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2344,7 +2344,7 @@ Properties of IPSec tunnels. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2367,7 +2367,7 @@ Type of authentication transform constant. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2396,7 +2396,7 @@ Type of authentication transform constant. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2419,7 +2419,7 @@ Type of Cipher transform constant. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2450,7 +2450,7 @@ Type of Cipher transform constant. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2473,7 +2473,7 @@ Group used for DH (Diffie-Hellman). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2503,7 +2503,7 @@ Group used for DH (Diffie-Hellman). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2526,7 +2526,7 @@ Type of encryption method. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2556,7 +2556,7 @@ Type of encryption method. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2579,7 +2579,7 @@ Type of integrity check. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2606,7 +2606,7 @@ Type of integrity check. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2629,7 +2629,7 @@ Group used for PFS (Perfect Forward Secrecy). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2660,7 +2660,7 @@ Group used for PFS (Perfect Forward Secrecy). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2683,7 +2683,7 @@ Specifies the class based default routes. For example, if the interface IP begin | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -2708,7 +2708,7 @@ Specifies the class based default routes. For example, if the interface IP begin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -2731,7 +2731,7 @@ The preshared key used for an L2TP connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2747,7 +2747,7 @@ The preshared key used for an L2TP connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -2770,7 +2770,7 @@ Required for native profiles. Type of tunneling protocol used. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -2799,7 +2799,7 @@ Required for native profiles. Type of tunneling protocol used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -2822,7 +2822,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -2838,7 +2838,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -2860,7 +2860,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2876,7 +2876,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -2899,7 +2899,7 @@ List of inbox VPN protocols in priority order. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -2915,7 +2915,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -2937,7 +2937,7 @@ List of inbox VPN protocols in priority order. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -2953,7 +2953,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -2976,7 +2976,7 @@ Inbox VPN protocols type. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3003,7 +3003,7 @@ Inbox VPN protocols type. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -3026,7 +3026,7 @@ Default 168, max 500000. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3042,7 +3042,7 @@ Default 168, max 500000. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3065,7 +3065,7 @@ Type of routing policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3090,7 +3090,7 @@ Type of routing policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3113,7 +3113,7 @@ Required for native profiles. Public or routable IP address or DNS name for the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3129,7 +3129,7 @@ Required for native profiles. Public or routable IP address or DNS name for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3152,7 +3152,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -3169,7 +3169,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3192,7 +3192,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -3208,7 +3208,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3231,7 +3231,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3247,7 +3247,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3270,7 +3270,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3286,7 +3286,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3309,7 +3309,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3325,7 +3325,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -3348,7 +3348,7 @@ Determines whether the VPN connection is public or private. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | @@ -3374,7 +3374,7 @@ Determines whether the VPN connection is public or private. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3397,7 +3397,7 @@ The XML schema for provisioning all the fields of a VPN. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | See [ProfileXML XSD Schema](#profilexml-xsd-schema) | @@ -3414,7 +3414,7 @@ The XML schema for provisioning all the fields of a VPN. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3437,7 +3437,7 @@ A collection of configuration objects to enable a post-connect proxy support for | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3453,7 +3453,7 @@ A collection of configuration objects to enable a post-connect proxy support for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3476,7 +3476,7 @@ Optional. Set a URL to automatically retrieve the proxy settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3492,7 +3492,7 @@ Optional. Set a URL to automatically retrieve the proxy settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3515,7 +3515,7 @@ Optional node containing the manual server settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3531,7 +3531,7 @@ Optional node containing the manual server settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3554,7 +3554,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3570,7 +3570,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -3593,7 +3593,7 @@ Allows registration of the connection's address in DNS. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3619,7 +3619,7 @@ Allows registration of the connection's address in DNS. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3642,7 +3642,7 @@ Boolean value (true or false) for caching credentials. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3668,7 +3668,7 @@ Boolean value (true or false) for caching credentials. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3691,7 +3691,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3707,7 +3707,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3730,7 +3730,7 @@ A sequential integer identifier for the RouteList. This is required if you are a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. | @@ -3747,7 +3747,7 @@ A sequential integer identifier for the RouteList. This is required if you are a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3770,7 +3770,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -3786,7 +3786,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3809,7 +3809,7 @@ A boolean value that specifies if the route being added should point to the VPN | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -3835,7 +3835,7 @@ A boolean value that specifies if the route being added should point to the VPN | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -3858,7 +3858,7 @@ The route's metric. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -3874,7 +3874,7 @@ The route's metric. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3897,7 +3897,7 @@ The subnet prefix size part of the destination prefix for the route entry. This, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -3914,7 +3914,7 @@ The subnet prefix size part of the destination prefix for the route entry. This, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3939,7 +3939,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -3955,7 +3955,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -3978,7 +3978,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0. | @@ -3995,7 +3995,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4018,7 +4018,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4034,7 +4034,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4057,7 +4057,7 @@ App identity for the app-based traffic filter. The value for this node can be on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4073,7 +4073,7 @@ App identity for the app-based traffic filter. The value for this node can be on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4096,7 +4096,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -4112,7 +4112,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4135,7 +4135,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4151,7 +4151,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -4175,7 +4175,7 @@ Inbound - The traffic filter allows traffic coming from external locations match | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4191,7 +4191,7 @@ Inbound - The traffic filter allows traffic coming from external locations match | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4214,7 +4214,7 @@ A list of comma separated values specifying local IP address ranges to allow. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4230,7 +4230,7 @@ A list of comma separated values specifying local IP address ranges to allow. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4253,7 +4253,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[\d]*$` | | Dependency [ProtocolDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/VPNv2/[ProfileName]/TrafficFilterList/[trafficFilterId]/Protocol`
Dependency Allowed Value: `[6,17]`
Dependency Allowed Value Type: `Range`
| @@ -4271,7 +4271,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4294,7 +4294,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-255]` | @@ -4311,7 +4311,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4334,7 +4334,7 @@ A list of comma separated values specifying remote IP address ranges to allow. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4350,7 +4350,7 @@ A list of comma separated values specifying remote IP address ranges to allow. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4373,7 +4373,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[\d]*$` | | Dependency [ProtocolDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/VPNv2/[ProfileName]/TrafficFilterList/[trafficFilterId]/Protocol`
Dependency Allowed Value: `[6,17]`
Dependency Allowed Value Type: `Range`
| @@ -4391,7 +4391,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4414,7 +4414,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4439,7 +4439,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4462,7 +4462,7 @@ Comma separated string to identify the trusted network. VPN will not connect aut | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | `,` | @@ -4479,7 +4479,7 @@ Comma separated string to identify the trusted network. VPN will not connect aut | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -4502,7 +4502,7 @@ Determines whether the credential manager will save ras credentials after a conn | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | @@ -4528,7 +4528,7 @@ Determines whether the credential manager will save ras credentials after a conn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4551,7 +4551,7 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -4570,7 +4570,7 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4593,7 +4593,7 @@ An optional flag to enable Always On mode. This will automatically connect the V | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -4619,7 +4619,7 @@ An optional flag to enable Always On mode. This will automatically connect the V | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4642,7 +4642,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -4668,7 +4668,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4691,7 +4691,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4707,7 +4707,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4730,7 +4730,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4746,7 +4746,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4769,7 +4769,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4785,7 +4785,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4808,7 +4808,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -4824,7 +4824,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4847,7 +4847,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4863,7 +4863,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4886,7 +4886,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4902,7 +4902,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4925,7 +4925,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -4941,7 +4941,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -4964,7 +4964,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -4980,7 +4980,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5003,7 +5003,7 @@ A sequential integer identifier which allows the ability to specify multiple app | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. | @@ -5020,7 +5020,7 @@ A sequential integer identifier which allows the ability to specify multiple app | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5043,7 +5043,7 @@ App Node under the Row Id. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5059,7 +5059,7 @@ App Node under the Row Id. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5082,7 +5082,7 @@ App Identity. Specified, based on the Type Field. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5098,7 +5098,7 @@ App Identity. Specified, based on the Type Field. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5121,7 +5121,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5137,7 +5137,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5163,7 +5163,7 @@ Optional. When this setting is True, requests to local resources that are availa | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -5179,7 +5179,7 @@ Optional. When this setting is True, requests to local resources that are availa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5202,7 +5202,7 @@ Determines the level of data encryption required for the connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Default Value | Require | @@ -5230,7 +5230,7 @@ Determines the level of data encryption required for the connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5253,7 +5253,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -5269,7 +5269,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5292,7 +5292,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -5317,7 +5317,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5340,7 +5340,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -5356,7 +5356,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5379,7 +5379,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5395,7 +5395,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5418,7 +5418,7 @@ If this field is set to True the VPN Client will look for a separate certificate | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -5443,7 +5443,7 @@ If this field is set to True the VPN Client will look for a separate certificate | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5466,7 +5466,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5482,7 +5482,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5505,7 +5505,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -5530,7 +5530,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5553,7 +5553,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -5578,7 +5578,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -5601,7 +5601,7 @@ Set to disable IKEv2 Fragmentation. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -5627,7 +5627,7 @@ Set to disable IKEv2 Fragmentation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5650,7 +5650,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5666,7 +5666,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5691,7 +5691,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -5707,7 +5707,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5730,7 +5730,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the Domain Name information. Sequencing must start at 0. | @@ -5747,7 +5747,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5770,7 +5770,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -5796,7 +5796,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5819,7 +5819,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5835,7 +5835,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5858,7 +5858,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -5874,7 +5874,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5897,7 +5897,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -5913,7 +5913,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -5936,7 +5936,7 @@ A boolean value that specifies if the rule being added should persist even when | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -5962,7 +5962,7 @@ A boolean value that specifies if the rule being added should persist even when | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -5985,7 +5985,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6001,7 +6001,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6024,7 +6024,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6040,7 +6040,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6063,7 +6063,7 @@ The metric for the IPv4 interface. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-9999]` | @@ -6080,7 +6080,7 @@ The metric for the IPv4 interface. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -6103,7 +6103,7 @@ The metric for the IPv6 interface. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[1-9999]` | @@ -6120,7 +6120,7 @@ The metric for the IPv6 interface. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6143,7 +6143,7 @@ InboxNodes under NativeProfile are required when using a Windows Inbox VPN Proto | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -6159,7 +6159,7 @@ InboxNodes under NativeProfile are required when using a Windows Inbox VPN Proto | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6182,7 +6182,7 @@ Required node for native profile. It contains authentication information for the | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -6198,7 +6198,7 @@ Required node for native profile. It contains authentication information for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6221,7 +6221,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -6237,7 +6237,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6260,7 +6260,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6276,7 +6276,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6299,7 +6299,7 @@ Reserved for future use. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6315,7 +6315,7 @@ Reserved for future use. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6338,7 +6338,7 @@ Required when the native profile specifies EAP authentication. EAP configuration | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -6354,7 +6354,7 @@ Required when the native profile specifies EAP authentication. EAP configuration | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6377,7 +6377,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6393,7 +6393,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6419,7 +6419,7 @@ Required node for EAP profiles. This specifies the EAP Type ID | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -6435,7 +6435,7 @@ Required node for EAP profiles. This specifies the EAP Type ID | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6458,7 +6458,7 @@ This is only supported in IKEv2. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6482,7 +6482,7 @@ This is only supported in IKEv2. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6505,7 +6505,7 @@ This value can be one of the following: EAP or MSChapv2 (This is not supported f | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6530,7 +6530,7 @@ This value can be one of the following: EAP or MSChapv2 (This is not supported f | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6553,7 +6553,7 @@ Properties of IPSec tunnels. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -6569,7 +6569,7 @@ Properties of IPSec tunnels. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6592,7 +6592,7 @@ Type of authentication transform constant. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6621,7 +6621,7 @@ Type of authentication transform constant. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6644,7 +6644,7 @@ Type of Cipher transform constant. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6675,7 +6675,7 @@ Type of Cipher transform constant. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6698,7 +6698,7 @@ Group used for DH (Diffie-Hellman). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6728,7 +6728,7 @@ Group used for DH (Diffie-Hellman). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6751,7 +6751,7 @@ Type of encryption method. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6781,7 +6781,7 @@ Type of encryption method. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6804,7 +6804,7 @@ Type of integrity check. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6831,7 +6831,7 @@ Type of integrity check. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6854,7 +6854,7 @@ Group used for PFS (Perfect Forward Secrecy). | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6885,7 +6885,7 @@ Group used for PFS (Perfect Forward Secrecy). | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6908,7 +6908,7 @@ Specifies the class based default routes. For example, if the interface IP begin | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -6933,7 +6933,7 @@ Specifies the class based default routes. For example, if the interface IP begin | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -6956,7 +6956,7 @@ The preshared key used for an L2TP connection. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -6972,7 +6972,7 @@ The preshared key used for an L2TP connection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -6995,7 +6995,7 @@ Required for native profiles. Type of tunneling protocol used. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7024,7 +7024,7 @@ Required for native profiles. Type of tunneling protocol used. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -7047,7 +7047,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -7063,7 +7063,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -7085,7 +7085,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7101,7 +7101,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -7124,7 +7124,7 @@ List of inbox VPN protocols in priority order. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7140,7 +7140,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -7162,7 +7162,7 @@ List of inbox VPN protocols in priority order. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | @@ -7178,7 +7178,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -7201,7 +7201,7 @@ Inbox VPN protocols type. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7228,7 +7228,7 @@ Inbox VPN protocols type. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20207] and later | @@ -7251,7 +7251,7 @@ Default 168, max 500000. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -7267,7 +7267,7 @@ Default 168, max 500000. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7290,7 +7290,7 @@ Type of routing policy. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7315,7 +7315,7 @@ Type of routing policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7338,7 +7338,7 @@ Required for native profiles. Public or routable IP address or DNS name for the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7354,7 +7354,7 @@ Required for native profiles. Public or routable IP address or DNS name for the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7377,7 +7377,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -7394,7 +7394,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7417,7 +7417,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Get | @@ -7433,7 +7433,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7456,7 +7456,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7472,7 +7472,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7495,7 +7495,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7511,7 +7511,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7534,7 +7534,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7550,7 +7550,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -7573,7 +7573,7 @@ Determines whether the VPN connection is public or private. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | @@ -7599,7 +7599,7 @@ Determines whether the VPN connection is public or private. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -7622,7 +7622,7 @@ The XML schema for provisioning all the fields of a VPN. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | See [ProfileXML XSD Schema](#profilexml-xsd-schema) | @@ -7639,7 +7639,7 @@ The XML schema for provisioning all the fields of a VPN. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7662,7 +7662,7 @@ A collection of configuration objects to enable a post-connect proxy support for | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7678,7 +7678,7 @@ A collection of configuration objects to enable a post-connect proxy support for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7701,7 +7701,7 @@ Optional. Set a URL to automatically retrieve the proxy settings. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7717,7 +7717,7 @@ Optional. Set a URL to automatically retrieve the proxy settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7740,7 +7740,7 @@ Optional node containing the manual server settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7756,7 +7756,7 @@ Optional node containing the manual server settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7779,7 +7779,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -7795,7 +7795,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -7818,7 +7818,7 @@ Allows registration of the connection's address in DNS. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -7844,7 +7844,7 @@ Allows registration of the connection's address in DNS. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7867,7 +7867,7 @@ Boolean value (true or false) for caching credentials. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -7893,7 +7893,7 @@ Boolean value (true or false) for caching credentials. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.19628] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.19628] and later | @@ -7921,7 +7921,7 @@ Optional. This node is only relevant for AppContainer profiles (i.e. using the V | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -7937,7 +7937,7 @@ Optional. This node is only relevant for AppContainer profiles (i.e. using the V | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7960,7 +7960,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -7976,7 +7976,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -7999,7 +7999,7 @@ A sequential integer identifier for the RouteList. This is required if you are a | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. | @@ -8016,7 +8016,7 @@ A sequential integer identifier for the RouteList. This is required if you are a | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8039,7 +8039,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8055,7 +8055,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -8078,7 +8078,7 @@ A boolean value that specifies if the route being added should point to the VPN | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | false | @@ -8104,7 +8104,7 @@ A boolean value that specifies if the route being added should point to the VPN | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -8127,7 +8127,7 @@ The route's metric. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -8143,7 +8143,7 @@ The route's metric. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8166,7 +8166,7 @@ The subnet prefix size part of the destination prefix for the route entry. This, | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -8183,7 +8183,7 @@ The subnet prefix size part of the destination prefix for the route entry. This, | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8208,7 +8208,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -8224,7 +8224,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8247,7 +8247,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get | | Dynamic Node Naming | UniqueName: A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0. | @@ -8264,7 +8264,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8287,7 +8287,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -8303,7 +8303,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8326,7 +8326,7 @@ App identity for the app-based traffic filter. The value for this node can be on | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8342,7 +8342,7 @@ App identity for the app-based traffic filter. The value for this node can be on | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8365,7 +8365,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -8381,7 +8381,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8404,7 +8404,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8420,7 +8420,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -8444,7 +8444,7 @@ Inbound - The traffic filter allows traffic coming from external locations match | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8460,7 +8460,7 @@ Inbound - The traffic filter allows traffic coming from external locations match | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8483,7 +8483,7 @@ A list of comma separated values specifying local IP address ranges to allow. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8499,7 +8499,7 @@ A list of comma separated values specifying local IP address ranges to allow. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8522,7 +8522,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[\d]*$` | | Dependency [ProtocolDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/VPNv2/[ProfileName]/TrafficFilterList/[trafficFilterId]/Protocol`
Dependency Allowed Value: `[6,17]`
Dependency Allowed Value Type: `Range`
| @@ -8540,7 +8540,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8563,7 +8563,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-255]` | @@ -8580,7 +8580,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8603,7 +8603,7 @@ A list of comma separated values specifying remote IP address ranges to allow. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8619,7 +8619,7 @@ A list of comma separated values specifying remote IP address ranges to allow. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8642,7 +8642,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Regular Expression: `^[\d]*$` | | Dependency [ProtocolDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/VPNv2/[ProfileName]/TrafficFilterList/[trafficFilterId]/Protocol`
Dependency Allowed Value: `[6,17]`
Dependency Allowed Value Type: `Range`
| @@ -8660,7 +8660,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8683,7 +8683,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -8708,7 +8708,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -8731,7 +8731,7 @@ Comma separated string to identify the trusted network. VPN will not connect aut | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | `,` | @@ -8748,7 +8748,7 @@ Comma separated string to identify the trusted network. VPN will not connect aut | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -8771,7 +8771,7 @@ Determines whether the credential manager will save ras credentials after a conn | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | | Default Value | true | diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 7bc7eec664..84e529b875 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WiFi CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -59,7 +59,7 @@ The following list shows the WiFi configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -82,7 +82,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -98,7 +98,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -124,7 +124,7 @@ SSID is the name of network you're connecting to, while Profile name is the name | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -142,7 +142,7 @@ SSID is the name of network you're connecting to, while Profile name is the name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -165,7 +165,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -191,7 +191,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -214,7 +214,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -230,7 +230,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -255,7 +255,7 @@ Optional node. URL to the PAC file location. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -271,7 +271,7 @@ Optional node. URL to the PAC file location. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -296,7 +296,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -321,7 +321,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -344,7 +344,7 @@ Optional node. If the policy is active selecting one of the values from the foll | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -371,7 +371,7 @@ Optional node. If the policy is active selecting one of the values from the foll | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -401,7 +401,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -417,7 +417,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -440,7 +440,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -456,7 +456,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -482,7 +482,7 @@ SSID is the name of network you're connecting to, while Profile name is the name | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Add, Delete, Get, Replace | | Atomic Required | True | | Dynamic Node Naming | ServerGeneratedUniqueIdentifier | @@ -500,7 +500,7 @@ SSID is the name of network you're connecting to, while Profile name is the name | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -523,7 +523,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | | Default Value | 0 | @@ -549,7 +549,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -572,7 +572,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -588,7 +588,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -613,7 +613,7 @@ Optional node. URL to the PAC file location. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -629,7 +629,7 @@ Optional node. URL to the PAC file location. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -654,7 +654,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup. | Property name | Property value | |:--|:--| -| Format | bool | +| Format | `bool` | | Access Type | Add, Delete, Get, Replace | @@ -679,7 +679,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -702,7 +702,7 @@ Optional node. If the policy is active selecting one of the values from the foll | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 1 | @@ -729,7 +729,7 @@ Optional node. If the policy is active selecting one of the values from the foll | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -759,7 +759,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index a92d9f018f..387aa261ca 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderApplicationGuard CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -49,7 +49,7 @@ The following list shows the WindowsDefenderApplicationGuard configuration servi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -72,7 +72,7 @@ Interior node for Audit. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -88,7 +88,7 @@ Interior node for Audit. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -111,7 +111,7 @@ This policy setting allows you to decide whether auditing events can be collecte | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -151,7 +151,7 @@ This policy setting allows you to decide whether auditing events can be collecte | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -174,7 +174,7 @@ Initiates remote installation of Application Guard feature. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec, Get | @@ -199,7 +199,7 @@ Initiates remote installation of Application Guard feature. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later | @@ -222,7 +222,7 @@ Returns bitmask that indicates status of Application Guard platform installation | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -238,7 +238,7 @@ Returns bitmask that indicates status of Application Guard platform installation | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -261,7 +261,7 @@ Interior Node for Settings. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -277,7 +277,7 @@ Interior Node for Settings. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -303,7 +303,7 @@ This policy setting allows you to determine whether applications inside Microsof | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -343,7 +343,7 @@ This policy setting allows you to determine whether applications inside Microsof | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -366,7 +366,7 @@ This policy setting allows you to decide whether data should persist across diff | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -405,7 +405,7 @@ This policy setting allows you to decide whether data should persist across diff | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -430,7 +430,7 @@ This policy setting allows you to determine whether Application Guard can use th | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -470,7 +470,7 @@ This policy setting allows you to determine whether Application Guard can use th | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -493,7 +493,7 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -532,7 +532,7 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -557,7 +557,7 @@ This policy setting allows you to decide whether websites can load non-enterpris | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -597,7 +597,7 @@ This policy setting allows you to decide whether websites can load non-enterpris | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -625,7 +625,7 @@ This policy setting allows certain device level Root Certificates to be shared w | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | | Allowed Values | List (Delimiter: `,`) | @@ -655,7 +655,7 @@ This policy setting allows certain device level Root Certificates to be shared w | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -678,7 +678,7 @@ Determines the type of content that can be copied from the host to Application G | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -717,7 +717,7 @@ Determines the type of content that can be copied from the host to Application G | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -740,7 +740,7 @@ This policy setting allows you to decide how the clipboard behaves while in Appl | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -781,7 +781,7 @@ This policy setting allows you to decide how the clipboard behaves while in Appl | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -804,7 +804,7 @@ This policy setting allows you to decide how the print functionality behaves whi | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -857,7 +857,7 @@ This policy setting allows you to decide how the print functionality behaves whi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later | @@ -880,7 +880,7 @@ This policy setting allows you to determine whether users can elect to download | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | @@ -920,7 +920,7 @@ This policy setting allows you to determine whether users can elect to download | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -943,7 +943,7 @@ Returns bitmask that indicates status of Application Guard installation and pre- | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 8c55c2fd8e..671928655e 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsLicensing CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -59,7 +59,7 @@ The following list shows the WindowsLicensing configuration service provider nod | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | @@ -82,7 +82,7 @@ Installs a product key for Windows 10 desktop devices. Does not reboot. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -98,7 +98,7 @@ Installs a product key for Windows 10 desktop devices. Does not reboot. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -121,7 +121,7 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | @@ -161,7 +161,7 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -184,7 +184,7 @@ Device Based Subscription. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -200,7 +200,7 @@ Device Based Subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -223,7 +223,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -239,7 +239,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -262,7 +262,7 @@ Returns last error description from Device Licensing. Value would be empty, if e | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -278,7 +278,7 @@ Returns last error description from Device Licensing. Value would be empty, if e | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -301,7 +301,7 @@ Returns the status of Refresh/Remove Device License operation. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -317,7 +317,7 @@ Returns the status of Refresh/Remove Device License operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -340,7 +340,7 @@ License Type: User Based Subscription or Device Based Subscription. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -365,7 +365,7 @@ License Type: User Based Subscription or Device Based Subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -388,7 +388,7 @@ Returns a value that maps to the Windows 10 edition running on desktop or mobile | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -421,7 +421,7 @@ Returns a value that maps to the Windows 10 edition running on desktop or mobile | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -444,7 +444,7 @@ Returns the parameter type used by Windows 10 devices for an edition upgrade. Wi | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -477,7 +477,7 @@ Returns the parameter type used by Windows 10 devices for an edition upgrade. Wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -500,7 +500,7 @@ Interior node for managing S mode. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -516,7 +516,7 @@ Interior node for managing S mode. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -546,7 +546,7 @@ Possible values: | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -581,7 +581,7 @@ Possible values: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -604,7 +604,7 @@ Switches a device out of S mode if possible. Does not reboot. | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -644,7 +644,7 @@ Switches a device out of S mode if possible. Does not reboot. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -668,7 +668,7 @@ This setting is only applicable to devices available in S mode. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | @@ -784,7 +784,7 @@ This setting is only applicable to devices available in S mode. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -807,7 +807,7 @@ Returns the status of an edition upgrade on Windows 10 desktop and mobile device | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -840,7 +840,7 @@ Returns the status of an edition upgrade on Windows 10 desktop and mobile device | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -863,7 +863,7 @@ Node for subscriptions. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | @@ -879,7 +879,7 @@ Node for subscriptions. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -902,7 +902,7 @@ Node for subscription IDs. | Property name | Property value | |:--|:--| -| Format | node | +| Format | `node` | | Access Type | Get | | Dynamic Node Naming | ClientInventory | @@ -919,7 +919,7 @@ Node for subscription IDs. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -942,7 +942,7 @@ Returns the name of the subscription. | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -958,7 +958,7 @@ Returns the name of the subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -981,7 +981,7 @@ Returns the status of the subscription. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -997,7 +997,7 @@ Returns the status of the subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1020,7 +1020,7 @@ Disable or Enable subscription activation on a device. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Replace | @@ -1045,7 +1045,7 @@ Disable or Enable subscription activation on a device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1068,7 +1068,7 @@ Remove subscription uninstall subscription license. It also reset subscription t | Property name | Property value | |:--|:--| -| Format | null | +| Format | `null` | | Access Type | Exec | @@ -1084,7 +1084,7 @@ Remove subscription uninstall subscription license. It also reset subscription t | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1107,7 +1107,7 @@ Error code of last subscription operation. Value would be empty(0) in absence of | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1123,7 +1123,7 @@ Error code of last subscription operation. Value would be empty(0) in absence of | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1146,7 +1146,7 @@ Error description of last subscription operation. Value would be empty, if error | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Get | @@ -1162,7 +1162,7 @@ Error description of last subscription operation. Value would be empty, if error | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1185,7 +1185,7 @@ Status of last subscription operation. | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get | @@ -1201,7 +1201,7 @@ Status of last subscription operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | @@ -1224,7 +1224,7 @@ Set device to Device Based Subscription or User Based Subscription. For Device B | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Get, Replace | @@ -1252,7 +1252,7 @@ Set device to Device Based Subscription or User Based Subscription. For Device B | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1275,7 +1275,7 @@ Provide a license for an edition upgrade of Windows 10 mobile devices. Does not | Property name | Property value | |:--|:--| -| Format | xml | +| Format | `xml` | | Access Type | Exec | @@ -1291,7 +1291,7 @@ Provide a license for an edition upgrade of Windows 10 mobile devices. Does not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later | @@ -1343,7 +1343,7 @@ Activation or changing a product key can be carried out on the following edition | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Exec | | Reboot Behavior | Automatic | diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index b4cc4b0e26..40515a8bd6 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WiredNetwork CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 05/10/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,7 +38,7 @@ The following list shows the WiredNetwork configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -61,7 +61,7 @@ Enable block period (minutes), used to specify the duration for which automatic | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -78,7 +78,7 @@ Enable block period (minutes), used to specify the duration for which automatic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -101,7 +101,7 @@ XML describing the wired network configuration and follows the LAN_profile schem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | @@ -117,7 +117,7 @@ XML describing the wired network configuration and follows the LAN_profile schem | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -140,7 +140,7 @@ Enable block period (minutes), used to specify the duration for which automatic | Property name | Property value | |:--|:--| -| Format | int | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[0-4294967295]` | @@ -157,7 +157,7 @@ Enable block period (minutes), used to specify the duration for which automatic | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | @@ -180,7 +180,7 @@ XML describing the wired network configuration and follows the LAN_profile schem | Property name | Property value | |:--|:--| -| Format | chr (string) | +| Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | From 4387e0d578a2862cce92f42b394464f54f0f92f3 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 10 May 2023 18:21:07 -0400 Subject: [PATCH 117/258] Use contractions --- .../client-management/mdm/activesync-csp.md | 12 +- .../mdm/applicationcontrol-csp.md | 2 +- .../client-management/mdm/applocker-csp.md | 22 +- .../client-management/mdm/bitlocker-csp.md | 94 +- .../mdm/certificatestore-csp.md | 6 +- .../mdm/clientcertificateinstall-csp.md | 52 +- windows/client-management/mdm/defender-csp.md | 16 +- .../client-management/mdm/devdetail-csp.md | 4 +- .../mdm/devicepreparation-csp.md | 4 +- .../client-management/mdm/devicestatus-csp.md | 16 +- .../mdm/diagnosticlog-csp.md | 6 +- windows/client-management/mdm/dmacc-csp.md | 10 +- windows/client-management/mdm/dmclient-csp.md | 92 +- windows/client-management/mdm/email2-csp.md | 16 +- .../mdm/enterprisedesktopappmanagement-csp.md | 4 +- .../mdm/enterprisemodernappmanagement-csp.md | 54 +- windows/client-management/mdm/euiccs-csp.md | 8 +- windows/client-management/mdm/firewall-csp.md | 126 +- .../mdm/healthattestation-csp.md | 6 +- windows/client-management/mdm/laps-csp.md | 10 +- .../client-management/mdm/networkproxy-csp.md | 6 +- .../client-management/mdm/nodecache-csp.md | 12 +- .../mdm/passportforwork-csp.md | 90 +- .../policy-configuration-service-provider.md | 6 +- .../mdm/policy-csp-accounts.md | 6 +- .../mdm/policy-csp-activexcontrols.md | 4 +- .../policy-csp-admx-activexinstallservice.md | 2 +- .../mdm/policy-csp-admx-addremoveprograms.md | 60 +- .../mdm/policy-csp-admx-appcompat.md | 26 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 2 +- .../mdm/policy-csp-admx-appxruntime.md | 16 +- .../mdm/policy-csp-admx-attachmentmanager.md | 14 +- .../mdm/policy-csp-admx-auditsettings.md | 2 +- .../mdm/policy-csp-admx-bits.md | 50 +- .../mdm/policy-csp-admx-ciphersuiteorder.md | 4 +- .../mdm/policy-csp-admx-com.md | 12 +- .../mdm/policy-csp-admx-controlpanel.md | 12 +- .../policy-csp-admx-controlpaneldisplay.md | 58 +- .../mdm/policy-csp-admx-cpls.md | 4 +- .../policy-csp-admx-credentialproviders.md | 8 +- .../mdm/policy-csp-admx-credssp.md | 48 +- .../mdm/policy-csp-admx-credui.md | 2 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 16 +- .../mdm/policy-csp-admx-datacollection.md | 2 +- .../mdm/policy-csp-admx-dcom.md | 14 +- .../mdm/policy-csp-admx-desktop.md | 94 +- .../mdm/policy-csp-admx-deviceguard.md | 2 +- .../mdm/policy-csp-admx-deviceinstallation.md | 24 +- .../mdm/policy-csp-admx-devicesetup.md | 10 +- .../mdm/policy-csp-admx-dfs.md | 2 +- .../mdm/policy-csp-admx-digitallocker.md | 8 +- .../mdm/policy-csp-admx-diskdiagnostic.md | 14 +- .../mdm/policy-csp-admx-disknvcache.md | 14 +- .../mdm/policy-csp-admx-diskquota.md | 34 +- ...policy-csp-admx-distributedlinktracking.md | 2 +- .../mdm/policy-csp-admx-dnsclient.md | 86 +- .../mdm/policy-csp-admx-dwm.md | 28 +- .../mdm/policy-csp-admx-eaime.md | 38 +- .../mdm/policy-csp-admx-encryptfilesonmove.md | 4 +- .../mdm/policy-csp-admx-enhancedstorage.md | 16 +- .../mdm/policy-csp-admx-errorreporting.md | 118 +- .../mdm/policy-csp-admx-eventforwarding.md | 4 +- .../mdm/policy-csp-admx-eventlog.md | 60 +- .../mdm/policy-csp-admx-eventlogging.md | 2 +- .../mdm/policy-csp-admx-explorer.md | 16 +- .../mdm/policy-csp-admx-externalboot.md | 6 +- .../mdm/policy-csp-admx-filerecovery.md | 6 +- .../mdm/policy-csp-admx-filerevocation.md | 4 +- .../mdm/policy-csp-admx-folderredirection.md | 16 +- .../mdm/policy-csp-admx-framepanes.md | 12 +- .../mdm/policy-csp-admx-fthsvc.md | 8 +- .../mdm/policy-csp-admx-globalization.md | 134 +- .../mdm/policy-csp-admx-grouppolicy.md | 190 +-- .../mdm/policy-csp-admx-help.md | 18 +- .../mdm/policy-csp-admx-helpandsupport.md | 14 +- .../mdm/policy-csp-admx-hotspotauth.md | 4 +- .../mdm/policy-csp-admx-icm.md | 100 +- .../mdm/policy-csp-admx-iis.md | 4 +- .../mdm/policy-csp-admx-iscsi.md | 4 +- .../mdm/policy-csp-admx-kdc.md | 28 +- .../mdm/policy-csp-admx-kerberos.md | 24 +- .../mdm/policy-csp-admx-lanmanserver.md | 20 +- .../mdm/policy-csp-admx-lanmanworkstation.md | 12 +- .../mdm/policy-csp-admx-leakdiagnostic.md | 8 +- ...icy-csp-admx-linklayertopologydiscovery.md | 4 +- .../policy-csp-admx-locationprovideradm.md | 4 +- .../mdm/policy-csp-admx-logon.md | 50 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 220 +-- .../mdm/policy-csp-admx-mmc.md | 42 +- .../mdm/policy-csp-admx-mmcsnapins.md | 1248 ++++++++--------- .../policy-csp-admx-mobilepcmobilitycenter.md | 8 +- ...y-csp-admx-mobilepcpresentationsettings.md | 8 +- .../mdm/policy-csp-admx-msapolicy.md | 6 +- .../mdm/policy-csp-admx-msched.md | 4 +- .../mdm/policy-csp-admx-msdt.md | 16 +- .../mdm/policy-csp-admx-msi.md | 80 +- .../mdm/policy-csp-admx-msifilerecovery.md | 6 +- .../mdm/policy-csp-admx-nca.md | 16 +- .../mdm/policy-csp-admx-ncsi.md | 4 +- .../mdm/policy-csp-admx-netlogon.md | 122 +- .../mdm/policy-csp-admx-networkconnections.md | 168 +-- .../mdm/policy-csp-admx-offlinefiles.md | 182 +-- .../mdm/policy-csp-admx-pca.md | 16 +- .../mdm/policy-csp-admx-peertopeercaching.md | 60 +- .../mdm/policy-csp-admx-pentraining.md | 8 +- .../policy-csp-admx-performancediagnostics.md | 32 +- .../mdm/policy-csp-admx-power.md | 62 +- ...licy-csp-admx-powershellexecutionpolicy.md | 8 +- .../mdm/policy-csp-admx-previousversions.md | 40 +- .../mdm/policy-csp-admx-printing.md | 108 +- .../mdm/policy-csp-admx-printing2.md | 42 +- .../mdm/policy-csp-admx-programs.md | 26 +- .../mdm/policy-csp-admx-pushtoinstall.md | 2 +- .../mdm/policy-csp-admx-qos.md | 24 +- .../mdm/policy-csp-admx-radar.md | 8 +- .../mdm/policy-csp-admx-reliability.md | 16 +- .../mdm/policy-csp-admx-remoteassistance.md | 6 +- .../mdm/policy-csp-admx-removablestorage.md | 68 +- .../mdm/policy-csp-admx-rpc.md | 30 +- .../mdm/policy-csp-admx-sam.md | 6 +- .../mdm/policy-csp-admx-scripts.md | 42 +- .../mdm/policy-csp-admx-sdiageng.md | 12 +- .../mdm/policy-csp-admx-sdiagschd.md | 6 +- .../mdm/policy-csp-admx-securitycenter.md | 8 +- .../mdm/policy-csp-admx-sensors.md | 18 +- .../mdm/policy-csp-admx-servermanager.md | 18 +- .../mdm/policy-csp-admx-servicing.md | 4 +- .../mdm/policy-csp-admx-settingsync.md | 32 +- .../mdm/policy-csp-admx-sharedfolders.md | 12 +- .../mdm/policy-csp-admx-sharing.md | 8 +- ...csp-admx-shellcommandpromptregedittools.md | 16 +- .../mdm/policy-csp-admx-smartcard.md | 56 +- .../mdm/policy-csp-admx-snmp.md | 18 +- .../mdm/policy-csp-admx-soundrec.md | 8 +- .../mdm/policy-csp-admx-srmfci.md | 8 +- .../mdm/policy-csp-admx-startmenu.md | 248 ++-- .../mdm/policy-csp-admx-systemrestore.md | 2 +- .../mdm/policy-csp-admx-tabletpcinputpanel.md | 120 +- .../mdm/policy-csp-admx-tabletshell.md | 72 +- .../mdm/policy-csp-admx-taskbar.md | 80 +- .../mdm/policy-csp-admx-tcpip.md | 52 +- .../mdm/policy-csp-admx-terminalserver.md | 388 ++--- .../mdm/policy-csp-admx-thumbnails.md | 8 +- .../mdm/policy-csp-admx-touchinput.md | 24 +- .../mdm/policy-csp-admx-tpm.md | 38 +- ...y-csp-admx-userexperiencevirtualization.md | 332 ++--- .../mdm/policy-csp-admx-userprofiles.md | 40 +- .../mdm/policy-csp-admx-w32time.md | 22 +- .../mdm/policy-csp-admx-wcm.md | 6 +- .../mdm/policy-csp-admx-wdi.md | 12 +- .../mdm/policy-csp-admx-wincal.md | 4 +- .../mdm/policy-csp-admx-windowscolorsystem.md | 8 +- .../mdm/policy-csp-admx-windowsconnectnow.md | 6 +- .../mdm/policy-csp-admx-windowsexplorer.md | 248 ++-- .../mdm/policy-csp-admx-windowsmediadrm.md | 2 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 106 +- ...policy-csp-admx-windowsremotemanagement.md | 8 +- .../mdm/policy-csp-admx-windowsstore.md | 8 +- .../mdm/policy-csp-admx-wininit.md | 8 +- .../mdm/policy-csp-admx-winlogon.md | 28 +- .../mdm/policy-csp-admx-winsrv.md | 4 +- .../mdm/policy-csp-admx-wlansvc.md | 8 +- .../mdm/policy-csp-admx-workfoldersclient.md | 8 +- .../mdm/policy-csp-admx-wpn.md | 36 +- .../mdm/policy-csp-applicationdefaults.md | 4 +- .../mdm/policy-csp-applicationmanagement.md | 30 +- .../mdm/policy-csp-appruntime.md | 2 +- .../mdm/policy-csp-appvirtualization.md | 14 +- .../mdm/policy-csp-attachmentmanager.md | 12 +- .../client-management/mdm/policy-csp-audit.md | 106 +- .../mdm/policy-csp-authentication.md | 10 +- .../mdm/policy-csp-autoplay.md | 8 +- .../client-management/mdm/policy-csp-bits.md | 24 +- .../mdm/policy-csp-bluetooth.md | 10 +- .../mdm/policy-csp-browser.md | 38 +- .../mdm/policy-csp-camera.md | 2 +- .../mdm/policy-csp-cellular.md | 26 +- .../mdm/policy-csp-clouddesktop.md | 2 +- .../mdm/policy-csp-connectivity.md | 48 +- .../mdm/policy-csp-controlpolicyconflict.md | 2 +- .../mdm/policy-csp-credentialproviders.md | 2 +- .../mdm/policy-csp-credentialsdelegation.md | 2 +- .../mdm/policy-csp-credentialsui.md | 6 +- .../mdm/policy-csp-dataprotection.md | 4 +- .../mdm/policy-csp-datausage.md | 8 +- .../mdm/policy-csp-defender.md | 106 +- .../mdm/policy-csp-deliveryoptimization.md | 26 +- .../mdm/policy-csp-desktopappinstaller.md | 46 +- .../mdm/policy-csp-devicehealthmonitoring.md | 6 +- .../mdm/policy-csp-deviceinstallation.md | 38 +- .../mdm/policy-csp-devicelock.md | 18 +- .../mdm/policy-csp-display.md | 34 +- .../mdm/policy-csp-dmaguard.md | 2 +- .../client-management/mdm/policy-csp-eap.md | 2 +- .../mdm/policy-csp-education.md | 10 +- .../mdm/policy-csp-errorreporting.md | 18 +- .../mdm/policy-csp-eventlogservice.md | 10 +- .../mdm/policy-csp-experience.md | 54 +- .../mdm/policy-csp-exploitguard.md | 2 +- .../mdm/policy-csp-fileexplorer.md | 2 +- .../mdm/policy-csp-humanpresence.md | 14 +- .../mdm/policy-csp-internetexplorer.md | 990 ++++++------- .../mdm/policy-csp-kerberos.md | 26 +- .../mdm/policy-csp-kioskbrowser.md | 2 +- .../mdm/policy-csp-lanmanworkstation.md | 4 +- .../mdm/policy-csp-licensing.md | 6 +- ...policy-csp-localpoliciessecurityoptions.md | 96 +- .../mdm/policy-csp-localusersandgroups.md | 4 +- .../mdm/policy-csp-lockdown.md | 4 +- .../client-management/mdm/policy-csp-lsa.md | 14 +- .../mdm/policy-csp-messaging.md | 2 +- .../mdm/policy-csp-mixedreality.md | 40 +- .../mdm/policy-csp-networkisolation.md | 26 +- .../mdm/policy-csp-notifications.md | 14 +- .../client-management/mdm/policy-csp-power.md | 64 +- .../mdm/policy-csp-printers.md | 60 +- .../mdm/policy-csp-privacy.md | 516 +++---- .../mdm/policy-csp-remoteassistance.md | 18 +- .../mdm/policy-csp-remotedesktopservices.md | 26 +- .../mdm/policy-csp-remotemanagement.md | 46 +- .../mdm/policy-csp-remoteprocedurecall.md | 14 +- .../mdm/policy-csp-remoteshell.md | 16 +- .../mdm/policy-csp-restrictedgroups.md | 2 +- .../mdm/policy-csp-search.md | 32 +- .../mdm/policy-csp-security.md | 6 +- .../mdm/policy-csp-servicecontrolmanager.md | 2 +- .../mdm/policy-csp-settings.md | 12 +- .../mdm/policy-csp-settingssync.md | 4 +- .../mdm/policy-csp-smartscreen.md | 22 +- .../client-management/mdm/policy-csp-start.md | 56 +- .../mdm/policy-csp-storage.md | 50 +- .../mdm/policy-csp-system.md | 86 +- .../mdm/policy-csp-tenantrestrictions.md | 2 +- .../mdm/policy-csp-textinput.md | 30 +- .../mdm/policy-csp-timelanguagesettings.md | 10 +- .../mdm/policy-csp-troubleshooting.md | 10 +- .../mdm/policy-csp-update.md | 254 ++-- .../mdm/policy-csp-userrights.md | 44 +- ...olicy-csp-virtualizationbasedtechnology.md | 2 +- .../mdm/policy-csp-webthreatdefense.md | 10 +- .../client-management/mdm/policy-csp-wifi.md | 14 +- .../policy-csp-windowsconnectionmanager.md | 2 +- ...olicy-csp-windowsdefendersecuritycenter.md | 38 +- .../mdm/policy-csp-windowsinkworkspace.md | 2 +- .../mdm/policy-csp-windowslogon.md | 32 +- .../mdm/policy-csp-windowssandbox.md | 16 +- .../mdm/policy-csp-wirelessdisplay.md | 16 +- .../mdm/rootcacertificates-csp.md | 26 +- windows/client-management/mdm/sharedpc-csp.md | 2 +- windows/client-management/mdm/supl-csp.md | 6 +- .../client-management/mdm/surfacehub-csp.md | 12 +- windows/client-management/mdm/vpnv2-csp.md | 72 +- .../windowsdefenderapplicationguard-csp.md | 8 +- .../mdm/windowslicensing-csp.md | 4 +- 254 files changed, 5393 insertions(+), 5393 deletions(-) diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index 2ddd6377b1..685680a0db 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -252,7 +252,7 @@ The name that refers to the account on the device. -Specify the account type. This value is entered during setup and cannot be modified once entered. An Exchange account is indicated by the string value "Exchange". +Specify the account type. This value is entered during setup and can't be modified once entered. An Exchange account is indicated by the string value "Exchange". @@ -330,7 +330,7 @@ Domain name of the Exchange server. -The email address the user entered during setup. This is the email address that is associated with the Exchange ActiveSync account and it is required. +The email address the user entered during setup. This is the email address that's associated with the Exchange ActiveSync account and it's required. @@ -770,7 +770,7 @@ Indicates format type of the Email. Supported values are 0 (none), 1 (text), 2 ( -This setting specifies the size beyond which HTML-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation. +This setting specifies the size beyond which HTML-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation. @@ -809,7 +809,7 @@ This setting specifies the size beyond which HTML-formatted e-mail messages are -This setting specifies the size beyond which text-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation. +This setting specifies the size beyond which text-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation. @@ -911,7 +911,7 @@ Specifies whether SSL is used. | Value | Description | |:--|:--| -| 0 | SSL is not used. | +| 0 | SSL isn't used. | | 1 (Default) | SSL is used. | @@ -1142,7 +1142,7 @@ Specifies the server name used by the account. -Specifies the user name for the account. The user name cannot be changed after a sync has been successfully performed. The user name can be in the fully qualified format "`someone@example.com`", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "`someone@example.com`". +Specifies the user name for the account. The user name can't be changed after a sync has been successfully performed. The user name can be in the fully qualified format "`someone@example.com`", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "`someone@example.com`". diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 24af4a6e2c..0e70e6f96a 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -431,7 +431,7 @@ Supported values are as follows: -TRUE/FALSE if the Policy is a System Policy, that is a policy managed by Microsoft as part of the OS. +TRUE/FALSE if the Policy is a System Policy, that's a policy managed by Microsoft as part of the OS. diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 8d475b120c..608969a753 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -133,7 +133,7 @@ Defines restrictions for applications. -Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. +Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. @@ -292,7 +292,7 @@ Defines restrictions for processing DLL files. -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -449,7 +449,7 @@ Defines restrictions for launching executable applications. -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -606,7 +606,7 @@ Defines restrictions for executing Windows Installer files. -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -725,7 +725,7 @@ Defines restrictions for running scripts. -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -844,7 +844,7 @@ Defines restrictions for running apps from the Microsoft Store. -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -983,7 +983,7 @@ Additional information: -Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. +Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. @@ -1298,7 +1298,7 @@ Policy nodes define the policy for launching executables, Windows Installer file -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -1416,7 +1416,7 @@ Policy nodes define the policy for launching executables, Windows Installer file -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -1611,7 +1611,7 @@ Policy nodes define the policy for launching executables, Windows Installer file -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). @@ -1729,7 +1729,7 @@ Policy nodes define the policy for launching executables, Windows Installer file -The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 5a2a1cbdf3..248d7b95f8 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -87,16 +87,16 @@ The following list shows the BitLocker configuration service provider nodes: -Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user. +Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged-on user is non-admin/standard user. "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, Silent encryption is enforced. -If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user -is the current logged on user in the system. +If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user +is the current logged-on user in the system. The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. -0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy -will not try to enable encryption on any drive. +0 = This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy +won't try to enable encryption on any drive. @@ -119,7 +119,7 @@ will not try to enable encryption on any drive. | Value | Description | |:--|:--| -| 0 (Default) | This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive. | +| 0 (Default) | This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. | | 1 | "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. | @@ -172,7 +172,7 @@ This policy setting allows suspending protection for BitLocker Drive Encryption The expected values for this policy are: 0 = Prevent BitLocker Drive Encryption protection from being suspended. -1 = This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. +1 = This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. @@ -195,7 +195,7 @@ The expected values for this policy are: | Value | Description | |:--|:--| | 0 | Prevent BitLocker Drive Encryption protection from being suspended. | -| 1 (Default) | This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. | +| 1 (Default) | This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. | @@ -233,9 +233,9 @@ require reinstallation of Windows. The expected values for this policy are: -1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. +1 = This is the default, when the policy isn't set. Warning prompt and encryption notification is allowed. 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, -the value 0 only takes affect on Azure Active Directory joined devices. +the value 0 only takes effect on Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0. @@ -370,11 +370,11 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -476,9 +476,9 @@ To disable this policy, use the following SyncML: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -555,7 +555,7 @@ The "Allow data recovery agent" check box is used to specify whether a data reco In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. @@ -566,7 +566,7 @@ Select the "Do not enable BitLocker until recovery information is stored in AD D - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives. -- If this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. +- If this policy setting isn't configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. @@ -678,9 +678,9 @@ To disable this policy, use the following SyncML: This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. -- If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all fixed data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. -- If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. @@ -754,9 +754,9 @@ To disable this policy, use hte following SyncML: -This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. +This policy setting allows you to associate unique organizational identifiers to a new drive that's enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the [manage-bde](/windows-server/administration/windows-commands/manage-bde) command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field. -The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It is a comma separated list of identification fields from your organization or other external organizations. +The allowed identification field is used in combination with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drives in your organization. It's a comma separated list of identification fields from your organization or other external organizations. You can configure the identification fields on existing drives by using [manage-bde](/windows-server/administration/windows-commands/manage-bde).exe. @@ -764,7 +764,7 @@ You can configure the identification fields on existing drives by using [manage- When a BitLocker-protected drive is mounted on another BitLocker-enabled computer the identification field and allowed identification field will be used to determine whether the drive is from an outside organization. -- If you disable or do not configure this policy setting, the identification field is not required. +- If you disable or don't configure this policy setting, the identification field isn't required. > [!NOTE] > Identification fields are required for management of certificate-based data recovery agents on BitLocker-protected drives. BitLocker will only manage and update certificate-based data recovery agents when the identification field is present on a drive and is identical to the value configured on the computer. The identification field can be any value of 260 characters or fewer. @@ -838,9 +838,9 @@ This policy setting controls the use of BitLocker on removable data drives. This When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. For information about suspending BitLocker protection, see [BitLocker Basic Deployment](/windows/security/information-protection/bitlocker/bitlocker-basic-deployment). -- If you do not configure this policy setting, users can use BitLocker on removable disk drives. +- If you don't configure this policy setting, users can use BitLocker on removable disk drives. -- If you disable this policy setting, users cannot use BitLocker on removable disk drives. +- If you disable this policy setting, users can't use BitLocker on removable disk drives. @@ -909,9 +909,9 @@ Sample value for this node to enable this policy is: This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -978,7 +978,7 @@ Possible values: -When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices cannot be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user will not be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. +When enabled, allows you to exclude removable drives and devices connected over USB interface from [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption). Excluded devices can't be encrypted, even manually. Additionally, if "Deny write access to removable drives not protected by BitLocker" is configured, user won't be prompted for encryption and drive will be mounted in read/write mode. Provide a comma separated list of excluded removable drives\devices, using the Hardware ID of the disk device. Example USBSTOR\SEAGATE_ST39102LW_______0004. @@ -1020,11 +1020,11 @@ When enabled, allows you to exclude removable drives and devices connected over This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. -- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. +- If you enable this policy setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. -- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. +- If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access. > [!NOTE] > This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored. @@ -1119,7 +1119,7 @@ Allows the Admin to require encryption to be turned on using BitLocker\Device En Sample value for this node to enable this policy: 1 -Disabling the policy will not turn off the encryption on the system drive. But will stop prompting the user to turn it on. +Disabling the policy won't turn off the encryption on the system drive. But will stop prompting the user to turn it on. @@ -1154,7 +1154,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix | Value | Description | |:--|:--| -| 0 (Default) | Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes. | +| 0 (Default) | Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes. | | 1 | Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on AllowWarningForOtherDiskEncryption policy). | @@ -1212,7 +1212,7 @@ This policy is only valid for mobile SKU. Sample value for this node to enable this policy: 1 -Disabling the policy will not turn off the encryption on the storage card. But will stop prompting the user to turn it on. +Disabling the policy won't turn off the encryption on the storage card. But will stop prompting the user to turn it on. @@ -1234,7 +1234,7 @@ Disabling the policy will not turn off the encryption on the storage card. But w | Value | Description | |:--|:--| -| 0 (Default) | Storage cards do not need to be encrypted. | +| 0 (Default) | Storage cards don't need to be encrypted. | | 1 | Require storage cards to be encrypted. | @@ -1550,13 +1550,13 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. -This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. +This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they're able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. -- If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. +- If you enable this policy setting, standard users won't be allowed to change BitLocker PINs or passwords. -- If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. +- If you disable or don't configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords. @@ -1621,9 +1621,9 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the - If you enable this policy setting, devices must have an alternative means of pre-boot input (such as an attached USB keyboard). -- If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. +- If this policy isn't enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment isn't enabled and this policy isn't enabled, you can't turn on BitLocker on a device that uses the Windows touch keyboard. -Note that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: +Note that if you don't enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: - Configure TPM startup PIN: Required/Allowed - Configure TPM startup key and PIN: Required/Allowed @@ -1687,7 +1687,7 @@ This policy setting allows users on devices that are compliant with InstantGo or - If you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication. -- If this policy is not enabled, the options of "Require additional authentication at startup" policy apply. +- If this policy isn't enabled, the options of "Require additional authentication at startup" policy apply. @@ -1745,9 +1745,9 @@ Sample value for this node to enable this policy is: `` This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. -- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. +- If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option won't be presented in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. +- If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker. @@ -1826,9 +1826,9 @@ Enhanced startup PINs permit the use of characters including uppercase and lower - If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs. > [!NOTE] -> Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup. +> Not all computers may support enhanced PINs in the pre-boot environment. It's strongly recommended that users perform a system check during BitLocker setup. -- If you disable or do not configure this policy setting, enhanced PINs will not be used. +- If you disable or don't configure this policy setting, enhanced PINs won't be used. @@ -1888,7 +1888,7 @@ This policy setting allows you to configure a minimum length for a Trusted Platf - If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. -- If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. +- If you disable or don't configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. > [!NOTE] > If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. @@ -1980,7 +1980,7 @@ If you select the "Use custom recovery message" option, the message you type in If you select the "Use custom recovery URL" option, the URL you type in the "Custom recovery URL option" text box will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen. > [!NOTE] -> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. +> Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. @@ -2086,7 +2086,7 @@ The "Allow certificate-based data recovery agent" check box is used to specify w In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. -Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. +Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services", choose which BitLocker recovery information to store in AD DS for operating system drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. @@ -2097,7 +2097,7 @@ Select the "Do not enable BitLocker until recovery information is stored in AD D - If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives. -- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. +- If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS. @@ -2217,7 +2217,7 @@ On a computer with a compatible TPM, four types of authentication methods can be - If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard. -- If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM. +- If you disable or don't configure this policy setting, users can configure only basic options on computers with a TPM. > [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool [manage-bde](/windows-server/administration/windows-commands/manage-bde) instead of the BitLocker Drive Encryption setup wizard. diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 34c73c0b7f..bc6a90e378 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -835,7 +835,7 @@ This store holds the SCEP portion of the MY store and handle operations related -The UniqueID for the SCEP enrollment request. Each client certificate should have different unique ID. +The UniqueID for the SCEP enrollment request. Each client certificate should've different unique ID. @@ -1766,7 +1766,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s -The base64 Encoded X.509 certificate. Note that though during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node, properly enroll a client certificate including private needs a cert enroll protocol handle it or user installs it manually. In WP, the server cannot purely rely on CertificateStore CSP to install a client certificate including private key. +The base64 Encoded X.509 certificate. Note that though during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node, properly enroll a client certificate including private needs a cert enroll protocol handle it or user installs it manually. In WP, the server can't purely rely on CertificateStore CSP to install a client certificate including private key. @@ -2000,7 +2000,7 @@ The expiration date of the certificate. This node is implicitly created only whe -The parent node that hosts client certificate that is enrolled via WSTEP, e.g. the certificate that is enrolled during MDM enrollment. +The parent node that hosts client certificate that's enrolled via WSTEP, e.g. the certificate that's enrolled during MDM enrollment. diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 4f5e1ec3f9..53f3bc2a65 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -205,7 +205,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha Optional. -Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. +Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -297,7 +297,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to Required. [CRYPT_DATA_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)) structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation. If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. -If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail. +If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it doesn't exist, this will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate @@ -419,7 +419,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the Optional. Used to specify if the PFX certificate password is encrypted with a certificate. If the value is -0 - Password is not encrypted +0 - Password isn't encrypted 1- Password is encrypted using the MDM certificate by the MDM server 2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node. @@ -443,7 +443,7 @@ If the value is | Value | Description | |:--|:--| -| 0 (Default) | Password is not encrypted. | +| 0 (Default) | Password isn't encrypted. | | 1 | Password is encrypted with the MDM certificate. | | 2 | Password is encrypted with custom certificate. | @@ -684,7 +684,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat -Optional. Specify the current cert's thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. +Optional. Specify the current cert's thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. @@ -764,7 +764,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er -Required for SCEP certificate enrollment. Parent node to group SCEP cert install related request. NOTE: though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device is not at unknown stage before changing children node values. +Required for SCEP certificate enrollment. Parent node to group SCEP cert install related request. NOTE: though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server shouldn't expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device isn't at unknown stage before changing children node values. @@ -842,7 +842,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O -Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If no match is found, authentication will fail. +Required. Specify root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If no match is found, authentication will fail. @@ -921,7 +921,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Optional. -Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. +Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -1038,7 +1038,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T -Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. +Required. Trigger the device to start the cert enrollment. The device won't notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. @@ -1170,7 +1170,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. -Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. +Optional. Specify where to keep the private key. Note that even it's protected by TPM, it isn't guarded with TPM PIN. SCEP enrolled cert doesn't support TPM PIN protection. @@ -1261,7 +1261,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for -Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value cannot be larger than 30. If it is larger than 30, the device will use 30. +Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0 which means no retry. @@ -1505,7 +1505,7 @@ Optional. OID of certificate template name. Note that this name is typically ign Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. -MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. +MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. @@ -1558,7 +1558,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. > [!NOTE] -> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. +> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. @@ -1764,7 +1764,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha Optional. -Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. +Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -1856,7 +1856,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to Required. [CRYPT_DATA_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)) structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation. If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. -If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail. +If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it doesn't exist, this will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate @@ -1978,7 +1978,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the Optional. Used to specify if the PFX certificate password is encrypted with a certificate. If the value is -0 - Password is not encrypted +0 - Password isn't encrypted 1- Password is encrypted using the MDM certificate by the MDM server 2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node. @@ -2002,7 +2002,7 @@ If the value is | Value | Description | |:--|:--| -| 0 (Default) | Password is not encrypted. | +| 0 (Default) | Password isn't encrypted. | | 1 | Password is encrypted with the MDM certificate. | | 2 | Password is encrypted with custom certificate. | @@ -2241,7 +2241,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat -Optional. Specify the current cert's thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. +Optional. Specify the current cert's thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. @@ -2321,7 +2321,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er -Required for SCEP certificate enrollment. Parent node to group SCEP cert install related request. NOTE: though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device is not at unknown stage before changing children node values. +Required for SCEP certificate enrollment. Parent node to group SCEP cert install related request. NOTE: though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server shouldn't expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device isn't at unknown stage before changing children node values. @@ -2399,7 +2399,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O -Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If no match is found, authentication will fail. +Required. Specify root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If no match is found, authentication will fail. @@ -2478,7 +2478,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Optional. -Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. +Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -2595,7 +2595,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T -Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. +Required. Trigger the device to start the cert enrollment. The device won't notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. @@ -2727,7 +2727,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. -Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. +Optional. Specify where to keep the private key. Note that even it's protected by TPM, it isn't guarded with TPM PIN. SCEP enrolled cert doesn't support TPM PIN protection. @@ -2818,7 +2818,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for -Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value cannot be larger than 30. If it is larger than 30, the device will use 30. +Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0 which means no retry. @@ -3062,7 +3062,7 @@ Optional. OID of certificate template name. Note that this name is typically ign Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. -MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. +MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. @@ -3115,7 +3115,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. > [!NOTE] -> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It is the server's decision on how to use this valid period to create the certificate. +> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 6289df39cf..0496ae8985 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -839,7 +839,7 @@ Control Device Control feature. -Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur. +Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur. @@ -1652,7 +1652,7 @@ This policy setting controls whether or not exclusions are visible to local admi | Value | Description | |:--|:--| | 1 | If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell. | -| 0 (Default) | If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell. | +| 0 (Default) | If you disable or don't configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell. | @@ -1701,7 +1701,7 @@ This policy setting controls whether or not exclusions are visible to local user | Value | Description | |:--|:--| | 1 | If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell. | -| 0 (Default) | If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell. | +| 0 (Default) | If you disable or don't configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell. | @@ -1749,7 +1749,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap | Value | Description | |:--|:--| -| 0 (Default) | If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat. | +| 0 (Default) | If you don't configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat. | | 1 | If you configure this setting to enabled, Intel TDT integration will turn on. | | 2 | If you configure this setting to disabled, Intel TDT integration will turn off. | @@ -1849,7 +1849,7 @@ This setting allows you to configure whether real-time protection and Security I | Value | Description | |:--|:--| | 1 | If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE. | -| 0 (Default) | If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled. | +| 0 (Default) | If you either disable or don't configure this setting, real-time protection and Security Intelligence Updates during OOBE isn't enabled. | @@ -2117,7 +2117,7 @@ This setting allows you to configure the scheduler randomization in hours. The r -Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured. +Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration isn't set the default value will be applied, meaning all of the supported devices will be secured. @@ -3057,7 +3057,7 @@ Version number of the current Windows Defender engine on the device. -Indicates whether a Windows Defender full scan is overdue for the device. A Full scan is overdue when a scheduled Full scan did not complete successfully for 2 weeks and catchup Full scans are disabled (default). +Indicates whether a Windows Defender full scan is overdue for the device. A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and catchup Full scans are disabled (default). @@ -3376,7 +3376,7 @@ Provide the current state of the product. This is a bitmask flag value that can -Indicates whether a Windows Defender quick scan is overdue for the device. A Quick scan is overdue when a scheduled Quick scan did not complete successfully for 2 weeks and catchup Quick scans are disabled (default). +Indicates whether a Windows Defender quick scan is overdue for the device. A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and catchup Quick scans are disabled (default). diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 458d71677a..76ba715582 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -281,7 +281,7 @@ Returns the name of the mobile operator if it exists; otherwise it returns 404. -Contains the user-specified device name. Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. +Contains the user-specified device name. Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation isn't supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name doesn't take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. @@ -445,7 +445,7 @@ Returns the client local time in ISO 8601 format. Example: 2003-06-16. T18:37:44 -Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support. The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element. +Returns the mobile device ID associated with the cellular network. Returns 404 for devices that don't have a cellular network support. The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element. diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md index fce4abf9e4..540f8617fd 100644 --- a/windows/client-management/mdm/devicepreparation-csp.md +++ b/windows/client-management/mdm/devicepreparation-csp.md @@ -133,7 +133,7 @@ This node stores the class ID for the Bootstrapper Agent WinRT object. -This node holds opaque data that will be passed to the Bootstrapper Agent as a parameter when it is invoked to execute. +This node holds opaque data that will be passed to the Bootstrapper Agent as a parameter when it's invoked to execute. @@ -351,7 +351,7 @@ This node determines whether to enable or show the Device Preparation page. | Value | Description | |:--|:--| -| false (Default) | The page is not enabled. | +| false (Default) | The page isn't enabled. | | true | The page is enabled. | diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 2b438f74a0..937d574363 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -132,7 +132,7 @@ Node for the antispyware query. -Integer that specifies the status of the antispyware signature. Valid values: 0 - The security software reports that it is not the most recent version. 1 - The security software reports that it is the most recent version. 2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn't exist.) If more than one antispyware provider is active, this node returns: 1 - If every active antispyware provider has a valid signature status. 0 - If any of the active antispyware providers has an invalid signature status. +Integer that specifies the status of the antispyware signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) If more than one antispyware provider is active, this node returns: 1 - If every active antispyware provider has a valid signature status. 0 - If any of the active antispyware providers has an invalid signature status. @@ -173,7 +173,7 @@ This node also returns 0 when no anti-spyware provider is active. -Integer that specifies the status of the antispyware. Valid values: 0 - The status of the security provider category is good and does not need user attention. 1 - The status of the security provider category is not monitored by Windows Security Center (WSC). 2 - The status of the security provider category is poor and the computer may be at risk. 3 - The security provider category is in snooze state. Snooze indicates that WSC is not actively protecting the computer. +Integer that specifies the status of the antispyware. Valid values: 0 - The status of the security provider category is good and doesn't need user attention. 1 - The status of the security provider category isn't monitored by Windows Security Center (WSC). 2 - The status of the security provider category is poor and the computer may be at risk. 3 - The security provider category is in snooze state. Snooze indicates that WSC isn't actively protecting the computer. @@ -252,7 +252,7 @@ Node for the antivirus query. -Integer that specifies the status of the antivirus signature. Valid values: 0 - The security software reports that it is not the most recent version. 1 (default) - The security software reports that it is the most recent version. 2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn't exist.) If more than one antivirus provider is active, this node returns: 1 - If every active antivirus provider has a valid signature status. 0 - If any of the active antivirus providers has an invalid signature status. +Integer that specifies the status of the antivirus signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 (default) - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) If more than one antivirus provider is active, this node returns: 1 - If every active antivirus provider has a valid signature status. 0 - If any of the active antivirus providers has an invalid signature status. @@ -293,7 +293,7 @@ This node also returns 0 when no antivirus provider is active. -Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus is on and monitoring, 1 - Antivirus is disabled, 2 - Antivirus is not monitoring the device/PC or some options have been turned off, 3 (default) - Antivirus is temporarily not completely monitoring the device/PC, 4 - Antivirus not applicable for this device. This is returned for devices like the phone that do not have an antivirus (where the API doesn't exist.) +Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus is on and monitoring, 1 - Antivirus is disabled, 2 - Antivirus isn't monitoring the device/PC or some options have been turned off, 3 (default) - Antivirus is temporarily not completely monitoring the device/PC, 4 - Antivirus not applicable for this device. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) @@ -372,7 +372,7 @@ Node for the battery query. -Integer that specifies the estimated battery charge remaining. This is the value returned in BatteryLifeTime in SYSTEM_POWER_STATUS structure. The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1. +Integer that specifies the estimated battery charge remaining. This is the value returned in BatteryLifeTime in SYSTEM_POWER_STATUS structure. The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. @@ -412,7 +412,7 @@ Integer that specifies the estimated battery charge remaining. This is the value -Integer that specifies the estimated runtime of the battery. This is the value returned in BatteryLifeTime in SYSTEM_POWER_STATUS structure. The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1. +Integer that specifies the estimated runtime of the battery. This is the value returned in BatteryLifeTime in SYSTEM_POWER_STATUS structure. The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. @@ -1119,7 +1119,7 @@ System Guard status. 0 - Running, 1 - Reboot required, 2 - Not configured, 3 - S -Virtualization-based security hardware requirement status. The value is a 256 value bitmask. 0x0: System meets hardware configuration requirements, 0x1: SecureBoot required, 0x2: DMA Protection required, 0x4: HyperV not supported for Guest VM, 0x8: HyperV feature is not available. +Virtualization-based security hardware requirement status. The value is a 256 value bitmask. 0x0: System meets hardware configuration requirements, 0x1: SecureBoot required, 0x2: DMA Protection required, 0x4: HyperV not supported for Guest VM, 0x8: HyperV feature isn't available. @@ -1353,7 +1353,7 @@ Node for the firewall query. -Integer that specifies the status of the firewall. Valid values: 0 - Firewall is on and monitoring, 1 - Firewall has been disabled, 2 - Firewall is not monitoring all networks or some rules have been turned off, 3 (default) - Firewall is temporarily not monitoring all networks, 4 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn't exist.) +Integer that specifies the status of the firewall. Valid values: 0 - Firewall is on and monitoring, 1 - Firewall has been disabled, 2 - Firewall isn't monitoring all networks or some rules have been turned off, 3 (default) - Firewall is temporarily not monitoring all networks, 4 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index d48459cfcc..91047e273f 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -901,7 +901,7 @@ To gather diagnostics using this CSP: -Each dynamic node represents a registered 'Collector' node. CSP will maintain an ETW trace session for this collector with its name used as a unique identifier. In a collector, a valid ETW provider can be registered and unregistered. The collector's associated trace session will enable the registered providers in it if the provider's state is 'Enabled'. Each provider's state, trace level and keywords can be controlled separately. The name of this node must not be a valid Windows event channel name. It can be a etw provider guid as long as it is not equal to an already registered 'Provider' node name. +Each dynamic node represents a registered 'Collector' node. CSP will maintain an ETW trace session for this collector with its name used as a unique identifier. In a collector, a valid ETW provider can be registered and unregistered. The collector's associated trace session will enable the registered providers in it if the provider's state is 'Enabled'. Each provider's state, trace level and keywords can be controlled separately. The name of this node mustn't be a valid Windows event channel name. It can be a etw provider guid as long as it isn't equal to an already registered 'Provider' node name. @@ -2264,9 +2264,9 @@ If you disable or don't configure this policy setting, the locally configured va | Value | Description | |:--|:--| -| Truncate | When the log file reaches its maximum file size, new events are not written to the log and are lost. | +| Truncate | When the log file reaches its maximum file size, new events aren't written to the log and are lost. | | Overwrite | When the log file reaches its maximum file size, new events overwrite old events. | -| Archive | When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value is not set, the new file is saved in the same directory as current log file. | +| Archive | When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value isn't set, the new file is saved in the same directory as current log file. | diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 6791909bda..ecfe0c99d9 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -125,7 +125,7 @@ node is generated from the 256-bit version of SHA-2 hash of the w7 PROVIDER-ID p -Specifies the application authentication preference. Supported values: BASIC, DIGEST. If this value is empty, the client attempts to use the authentication mechanism negotiated in the previous session if one exists. If the value is empty, no previous session exists, and MD5 credentials exist, clients try MD5 authorization first. If the criteria are not met then the client tries BASIC authorization first. +Specifies the application authentication preference. Supported values: BASIC, DIGEST. If this value is empty, the client attempts to use the authentication mechanism negotiated in the previous session if one exists. If the value is empty, no previous session exists, and MD5 credentials exist, clients try MD5 authorization first. If the criteria aren't met then the client tries BASIC authorization first. @@ -537,7 +537,7 @@ Defines one set of authentication settings. When mapping the [w7 APPLICATION](w7 -Specifies the next nonce used for authentication. "Nonce" refers to a number used once. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in repeat attacks. +Specifies the next nonce used for authentication. "Nonce" refers to a number used once. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in repeat attacks. @@ -1336,7 +1336,7 @@ The acceptable access roles for this node can't be more than the roles assigned -The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it is ignored. The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC. The supported names are Subject and Stores; wildcard certificate search is not supported. Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name is not case sensitive. Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute ("CN=Tester,O=Microsoft"), use the following: +The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored. The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC. The supported names are Subject and Stores; wildcard certificate search isn't supported. Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive. Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute ("CN=Tester,O=Microsoft"), use the following: @@ -1404,7 +1404,7 @@ the UUID of the device. | Value | Description | |:--|:--| | 0 (Default) | An application-specific GUID is returned for the ./DevInfo/DevID rather than the hardware device ID. | -| 1 | The hardware device ID will be provided for the ./DevInfo/DevID element and the Source LocURI for the OMA DM package that is sent to the server. | +| 1 | The hardware device ID will be provided for the ./DevInfo/DevID element and the Source LocURI for the OMA DM package that's sent to the server. | @@ -1456,7 +1456,7 @@ true: Nonce resynchronization is enabled. | Value | Description | |:--|:--| -| 0 (Default) | The client does not try to authenticate the notification with the backup server nonce if authentication to the stored nonce fails. | +| 0 (Default) | The client doesn't try to authenticate the notification with the backup server nonce if authentication to the stored nonce fails. | | 1 | The client initiates a DM session if the backup server nonce is received after authentication failed. | diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index a5dbfdc64f..6bf14c7333 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -351,7 +351,7 @@ For more information about Azure AD enrollment, see [Azure Active Directory inte -For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token cannot be obtained. +For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can't be obtained. @@ -372,8 +372,8 @@ For Azure AD backed enrollments, this will cause the client to send a Device Tok | Value | Description | |:--|:--| -| false | Do not send Device Token if User Token cannot be obtained. | -| true | Send Device Token if User Token cannot be obtained. | +| false | Don't send Device Token if User Token can't be obtained. | +| true | Send Device Token if User Token can't be obtained. | @@ -438,7 +438,7 @@ The time in OMA DM standard time format. This node is designed to reduce the ris -Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization. +Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or don't configure this policy setting, then Microsoft won't be able to use this identifier to associate this machine and its diagnostic data with your organization. @@ -607,7 +607,7 @@ The node returns the boolean value whether the device is a SecureCore PC. -This node, when it is set, tells the client to set how many minutes the device should be temporarily unlocked from SecureCore settings protection. The default value is 480. +This node, when it's set, tells the client to set how many minutes the device should be temporarily unlocked from SecureCore settings protection. The default value is 480. @@ -895,7 +895,7 @@ Specifies the body text of the all done page that appears at the end of the MDM -Specifies the URL that is shown at the end of the MDM enrollment flow. +Specifies the URL that's shown at the end of the MDM enrollment flow. @@ -934,7 +934,7 @@ Specifies the URL that is shown at the end of the MDM enrollment flow. -Specifies the display text for the URL that is shown at the end of the MDM enrollment flow. +Specifies the display text for the URL that's shown at the end of the MDM enrollment flow. @@ -1012,7 +1012,7 @@ Specifies the title of the all done page that appears at the end of the MDM enro -A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow. When the server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending. To work around the timeout, you can use this setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. +A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow. When the server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client doesn't send an alert that a DM request is pending. To work around the timeout, you can use this setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. @@ -1260,7 +1260,7 @@ This node specifies how the client will perform the app layer signing and encryp -This node, when it is set, tells the client to use the certificate even when the client cannot check the certificate's revocation status because the device is offline. The default value is set. +This node, when it's set, tells the client to use the certificate even when the client can't check the certificate's revocation status because the device is offline. The default value is set. @@ -1428,7 +1428,7 @@ Character string that contains the unique enterprise device ID. The value is set -Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that is managed by exchange and natively managed by a dedicated management server. +Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that's managed by exchange and natively managed by a dedicated management server. @@ -1541,7 +1541,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Value | Description | |:--|:--| -| false (Default) | Do not show the Collect Logs button on the progress page. | +| false (Default) | Don't show the Collect Logs button on the progress page. | | true | Show the Collect Logs button on the progress page. | @@ -1658,7 +1658,7 @@ This node allows the MDM to set custom error text, detailing what the user needs -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. @@ -1698,7 +1698,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. @@ -1898,7 +1898,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to -This node, when doing a get, tells the server if the "First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). +This node, when doing a get, tells the server if the "First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it's in and tell the user that the device is provisioned. It can't be set from True to False (it won't change its mind on whether or not the sync is done), and it can't be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). @@ -1919,7 +1919,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Value | Description | |:--|:--| -| false | The device is not finished provisioning. | +| false | The device isn't finished provisioning. | | true | The device has finished provisioning. | @@ -1946,7 +1946,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and -This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can "change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. +This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can "change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node isn't True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. @@ -1967,7 +1967,7 @@ This node is set by the server to inform the UX that the server has finished pro | Value | Description | |:--|:--| -| false | Server has not finished provisioning. | +| false | Server hasn't finished provisioning. | | true | Server has finished provisioning. | @@ -2016,7 +2016,7 @@ Device only. This node decides whether or not the MDM device progress page skips | Value | Description | |:--|:--| -| false | Do not skip the device progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | +| false | Don't skip the device progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | | true (Default) | Skip the device progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | @@ -2065,7 +2065,7 @@ Device only. This node decides whether or not the MDM user progress page skips a | Value | Description | |:--|:--| -| false | Do not skip the MGM user progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | +| false | Don't skip the MGM user progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | | true (Default) | Skip the MGM user progress page after Azure AD joined or Hybrid Azure AD joined in OOBE. | @@ -2133,7 +2133,7 @@ This node determines how long we will poll until we surface an error message to -Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). +Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value can't be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). @@ -2203,7 +2203,7 @@ Force device to send device AAD token during check-in as a separate header. | Value | Description | |:--|:--| -| 0 | ForceAadTokenNotDefined: the value is not defined(default). | +| 0 | ForceAadTokenNotDefined: the value isn't defined(default). | | 1 | AlwaysSendAadDeviceTokenCheckIn: always send AAD device token during check-in as a separate header section(not as Bearer token). | | 2 | Reserved for future. AlwaysSendAadUserTokenCheckin: always send AAD user token during check-in as a separate header section(not as Bearer token). | | 4 | SendAadDeviceTokenForAuth: to replace AADSendDeviceToken, send AAD Device token for auth as Bearer token. | @@ -2650,7 +2650,7 @@ This is an execution node and will trigger a silent MMP-C unenroll, there is no -The list of management server URLs in the format `` `` ``, and so on. If there is only one, the angle brackets (<>) are not required. The < and > should be escaped. If ManagementServerAddressList node is set, the device will only use the server URL configured in this node and ignore the ManagementServiceAddress value. When the server is not responding after a specified number of retries, the device tries to use the next server URL in the list until it gets a successful connection. After the server list is updated, the client uses the updated list at the next session starting with the first on in the list. +The list of management server URLs in the format `` `` ``, and so on. If there is only one, the angle brackets (<>) aren't required. The `< and >` should be escaped. If ManagementServerAddressList node is set, the device will only use the server URL configured in this node and ignore the ManagementServiceAddress value. When the server isn't responding after a specified number of retries, the device tries to use the next server URL in the list until it gets a successful connection. After the server list is updated, the client uses the updated list at the next session starting with the first on in the list. @@ -2743,7 +2743,7 @@ Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrol -The character string that contains the device management server address. It can be updated during an OMA DM session by the management server to allow the server to load balance to another server in situations where too many devices are connected to the server. The DMClient CSP will save the address to the same location as the w7 and DMS CSPs to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION](w7-application-csp.md) configuration service provider. Starting in Windows 10, version 1511, this node supports multiple server addresses in the format `` `` ``. If there is only a single URL, then the <> are not required. This is supported for both desktop and mobile devices. During a DM session, the device will use the first address on the list and then keep going down the list until a successful connection is achieved. The DM client should cache the successfully connected server URL for the next session. +The character string that contains the device management server address. It can be updated during an OMA DM session by the management server to allow the server to load balance to another server in situations where too many devices are connected to the server. The DMClient CSP will save the address to the same location as the w7 and DMS CSPs to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION](w7-application-csp.md) configuration service provider. Starting in Windows 10, version 1511, this node supports multiple server addresses in the format `` `` ``. If there is only a single URL, then the <> aren't required. This is supported for both desktop and mobile devices. During a DM session, the device will use the first address on the list and then keep going down the list until a successful connection is achieved. The DM client should cache the successfully connected server URL for the next session. @@ -2864,7 +2864,7 @@ Used by the client to indicate the latest DM session version that it supports. -The waiting time (in minutes) for the initial set of retries as specified by the number of retries in NumberOfScheduledRetriesForUserSession. If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. Default value is 1440. If the value is 0, this schedule is disabled. +The waiting time (in minutes) for the initial set of retries as specified by the number of retries in NumberOfScheduledRetriesForUserSession. If IntervalForScheduledRetriesForUserSession isn't set, then the default value is used. Default value is 1440. If the value is 0, this schedule is disabled. @@ -2987,7 +2987,7 @@ Optional. Maximum number of concurrent user sync sessions in background. Default -The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is 0 and IntervalForScheduledRetriesForUserSession is not 0, then the schedule will be set to repeat for an infinite number of times. +The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is 0 and IntervalForScheduledRetriesForUserSession isn't 0, then the schedule will be set to repeat for an infinite number of times. @@ -3106,7 +3106,7 @@ Polling schedules must utilize the DMClient CSP. The Registry paths previously a -Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system; subsequent logins will not trigger an MDM session. Login is not the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. +Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system; subsequent logins won't trigger an MDM session. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. @@ -3155,7 +3155,7 @@ Boolean value that allows the IT admin to require the device to start a manageme -The waiting time (in minutes) for the initial set of retries as specified by the number of retries in /``/Poll/NumberOfFirstRetries. If IntervalForFirstSetOfRetries is not set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled. +The waiting time (in minutes) for the initial set of retries as specified by the number of retries in /``/Poll/NumberOfFirstRetries. If IntervalForFirstSetOfRetries isn't set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled. @@ -3272,7 +3272,7 @@ The waiting time (in minutes) for the second set of retries as specified by the -The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value is not 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule will not set in this case. The default value is 10. The first set of retries is intended to give the management server some buffered time to be ready to send policies and settings configuration to the device. The total time for first set of retries should not be more than a few hours. The server should not set NumberOfFirstRetries to be 0. RemainingScheduledRetries is used for the long run device polling schedule. +The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value isn't 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule won't set in this case. The default value is 10. The first set of retries is intended to give the management server some buffered time to be ready to send policies and settings configuration to the device. The total time for first set of retries shouldn't be more than a few hours. The server shouldn't set NumberOfFirstRetries to be 0. RemainingScheduledRetries is used for the long run device polling schedule. @@ -3311,7 +3311,7 @@ The number of times the DM client should retry to connect to the server when the -The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries are not set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled. The RemainingScheduledRetries is used for the long run device polling schedule. IntervalForRemainingScheduledRetries should not be set smaller than 1440 minutes (24 hours) in Windows Phone 8.1 device. Windows Phone 8.1 supports MDM server push. +The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries aren't set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled. The RemainingScheduledRetries is used for the long run device polling schedule. IntervalForRemainingScheduledRetries shouldn't be set smaller than 1440 minutes (24 hours) in Windows Phone 8.1 device. Windows Phone 8.1 supports MDM server push. @@ -3350,7 +3350,7 @@ The number of times the DM client should retry connecting to the server when the -The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries is not set to 0 AND the first set of retries is not set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled. The second set of retries is also optional and temporarily retries that the total duration should be last for more than a day. And the IntervalForSecondSetOfRetries should be longer than IntervalForFirstSetOfRetries. RemainingScheduledRetries is used for the long run device polling schedule. +The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries isn't set to 0 AND the first set of retries isn't set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled. The second set of retries is also optional and temporarily retries that the total duration should be last for more than a day. And the IntervalForSecondSetOfRetries should be longer than IntervalForFirstSetOfRetries. RemainingScheduledRetries is used for the long run device polling schedule. @@ -3389,7 +3389,7 @@ The number of times the DM client should retry a second round of connecting to t -Boolean value that allows the IT admin to require the device to start a management session on any user login, regardless of if the user has preciously logged in. Login is not the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. +Boolean value that allows the IT admin to require the device to start a management session on any user login, regardless of if the user has preciously logged in. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. @@ -3438,7 +3438,7 @@ Boolean value that allows the IT admin to require the device to start a manageme -The PublisherDeviceID is a device-unique ID created based on the enterprise Publisher ID. Publisher ID is created based on the enterprise application token and enterprise ID via ./Vendor/MSFT/EnterpriseAppManagement/``/EnrollmentToken. It is to ensure that for one enterprise, each device has a unique ID associated with it. For the same device, if it has multiple enterprises' applications, each enterprise is identified differently. +The PublisherDeviceID is a device-unique ID created based on the enterprise Publisher ID. Publisher ID is created based on the enterprise application token and enterprise ID via ./Vendor/MSFT/EnterpriseAppManagement/``/EnrollmentToken. It's to ensure that for one enterprise, each device has a unique ID associated with it. For the same device, if it has multiple enterprises' applications, each enterprise is identified differently. @@ -3555,7 +3555,7 @@ A string that contains the channel that the WNS client has negotiated for the OM -A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it is managing. +A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it's managing. @@ -3695,7 +3695,7 @@ This node determines whether or not the client will automatically initiate a MDM | Value | Description | |:--|:--| | 1 | MDM Recovery is allowed. | -| 0 (Default) | MDM Recovery is not allowed. | +| 0 (Default) | MDM Recovery isn't allowed. | @@ -3744,7 +3744,7 @@ This node initiates a recovery action. The server can specify prerequisites befo | Value | Description | |:--|:--| | 0 (Default) | Initiate MDM Recovery. | -| 1 | Initiate Recovery if Keys are not already protected by the TPM, there is a TPM to put the keys into, AAD keys are protected by TPM, and the TPM is ready for attestation. | +| 1 | Initiate Recovery if Keys aren't already protected by the TPM, there is a TPM to put the keys into, AAD keys are protected by TPM, and the TPM is ready for attestation. | @@ -3770,7 +3770,7 @@ This node initiates a recovery action. The server can specify prerequisites befo -This node tracks the status of a Recovery request from the InitiateRecovery node. 0 - No Recovery request has been processed. 1 - Recovery is in Process. 2 - Recovery has finished successfully. 3 - Recovery has failed to start because TPM is not available. 4 - Recovery has failed to start because AAD keys are not protected by the TPM. 5 - Recovery has failed to start because the MDM keys are already protected by the TPM. 6 - Recovery has failed to start because the TPM is not ready for attestation. 7 - Recovery has failed because the client cannot authenticate to the server. 8 - Recovery has failed because the server has rejected the client's request. +This node tracks the status of a Recovery request from the InitiateRecovery node. 0 - No Recovery request has been processed. 1 - Recovery is in Process. 2 - Recovery has finished successfully. 3 - Recovery has failed to start because TPM isn't available. 4 - Recovery has failed to start because AAD keys aren't protected by the TPM. 5 - Recovery has failed to start because the MDM keys are already protected by the TPM. 6 - Recovery has failed to start because the TPM isn't ready for attestation. 7 - Recovery has failed because the client can't authenticate to the server. 8 - Recovery has failed because the server has rejected the client's request. @@ -3832,7 +3832,7 @@ Primarily used for SSL bridging mode where firewalls and proxies are deployed an | Value | Description | |:--|:--| -| false (Default) | The device management client does not include authentication information in the management session HTTP header. | +| false (Default) | The device management client doesn't include authentication information in the management session HTTP header. | | true | The client authentication information is provided in the management session HTTP header. | @@ -4079,7 +4079,7 @@ The node accepts unenrollment requests by way of the OMA DM Exec command and cal -For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node. +For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You can't add new servers to the list using this node. @@ -4258,7 +4258,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs | Value | Description | |:--|:--| -| false (Default) | Do not show the Collect Logs button on the progress page. | +| false (Default) | Don't show the Collect Logs button on the progress page. | | true | Show the Collect Logs button on the progress page. | @@ -4324,7 +4324,7 @@ This node allows the MDM to set custom error text, detailing what the user needs -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. This is per user. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. This is per user. @@ -4364,7 +4364,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. This is per user. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. This is per user. @@ -4564,7 +4564,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to -This node, when doing a get, tells the server if the "First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). +This node, when doing a get, tells the server if the "First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it's in and tell the user that the device is provisioned. It can't be set from True to False (it won't change its mind on whether or not the sync is done), and it can't be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). @@ -4585,7 +4585,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and | Value | Description | |:--|:--| -| false | The user is not finished provisioning. | +| false | The user isn't finished provisioning. | | true | The user has finished provisioning. | @@ -4612,7 +4612,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and -This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can "change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. +This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can "change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node isn't True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. @@ -4633,7 +4633,7 @@ This node is set by the server to inform the UX that the server has finished pro | Value | Description | |:--|:--| -| false | Server has not finished provisioning. | +| false | Server hasn't finished provisioning. | | true | Server has finished provisioning. | @@ -4660,7 +4660,7 @@ This node is set by the server to inform the UX that the server has finished pro -Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). +Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value can't be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index 3bae4eda3c..85def42a46 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -261,7 +261,7 @@ Character string that specifies whether the outgoing server requires authenticat 0 for FALSE(default). > [!NOTE] -> If this is not specified then SMTP authentication will not be done. Also, this is different from the SMTPALTENABLED. That is to specify different set of credentials for SMTP. +> If this isn't specified then SMTP authentication won't be done. Also, this is different from the SMTPALTENABLED. That is to specify different set of credentials for SMTP. @@ -282,7 +282,7 @@ Character string that specifies whether the outgoing server requires authenticat | Value | Description | |:--|:--| -| 0 | Server authentication is not required. | +| 0 | Server authentication isn't required. | | 1 | Server authentication is required. | @@ -348,7 +348,7 @@ Character string that specifies the user's password. The same password is used f -Server for calendar sync if it is different from the email server. +Server for calendar sync if it's different from the email server. @@ -504,7 +504,7 @@ If this flag is set, the account only uses the cellular network and not Wi-Fi. -Server for contact sync if it is different from the email server. +Server for contact sync if it's different from the email server. @@ -750,7 +750,7 @@ Character string that specifies how many days' worth of email should be download -Specifies the maximum size for a message attachment. Attachments beyond this size will not be downloaded but it will remain on the server. The message itself will be downloaded. This value can be set only for IMAP4 accounts. The limit is specified in KB. +Specifies the maximum size for a message attachment. Attachments beyond this size won't be downloaded but it will remain on the server. The message itself will be downloaded. This value can be set only for IMAP4 accounts. The limit's specified in KB. @@ -771,7 +771,7 @@ Specifies the maximum size for a message attachment. Attachments beyond this siz | Value | Description | |:--|:--| -| -1 | No limit is enforced. | +| -1 | No limit's enforced. | | 0 | No attachment is downloaded. | | 25 | 25 KB. | | 50 | 50 KB. | @@ -1414,7 +1414,7 @@ Character string that specifies if the incoming email server requires SSL. | Value | Description | |:--|:--| -| 0 | SSL is not required. | +| 0 | SSL isn't required. | | 1 | SSL is required. | @@ -1462,7 +1462,7 @@ Character string that specifies if the outgoing email server requires SSL. | Value | Description | |:--|:--| -| 0 | SSL is not required. | +| 0 | SSL isn't required. | | 1 | SSL is required. | diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 49e9c5e78f..b3c89c489f 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -153,7 +153,7 @@ The MSI product code for the application. -Executes the download and installation of the application. In Windows 10, version 1703 service release, a new tag `` was added to the `` section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. +Executes the download and installation of the application. In Windows 10, version 1703 service release, a new tag `` was added to the `` section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. @@ -676,7 +676,7 @@ The MSI product code for the application. -Executes the download and installation of the application. In Windows 10, version 1703 service release, a new tag `` was added to the `` section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. +Executes the download and installation of the application. In Windows 10, version 1703 service release, a new tag `` was added to the `` section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 255c2497a4..c1f8d41e72 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -507,7 +507,7 @@ Description of last error relating to the app installation. -An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero). +An integer that indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. In provisioning, the value is always 0 (zero). @@ -548,7 +548,7 @@ An integer the indicates the progress of the app installation. For https locatio -Status of app installation. The following values are returned: NOT_INSTALLED (0) - The node was added, but the execution has not completed. INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success, this value is updated. FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription. INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear. +Status of app installation. The following values are returned: NOT_INSTALLED (0) - The node was added, but the execution hasn't completed. INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated. FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription. INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action hasn't completed, this state may briefly appear. @@ -828,7 +828,7 @@ This is a required node. -Category of license that is used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios. +Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios. @@ -1584,7 +1584,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -1881,7 +1881,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -1959,7 +1959,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Value | Description | |:--|:--| -| 0 | App is not in the nonremovable app policy list. | +| 0 | App isn't in the nonremovable app policy list. | | 1 | App is included in the nonremovable app policy list. | @@ -2090,7 +2090,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. @@ -2826,7 +2826,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -3123,7 +3123,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -3201,7 +3201,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Value | Description | |:--|:--| -| 0 | App is not in the nonremovable app policy list. | +| 0 | App isn't in the nonremovable app policy list. | | 1 | App is included in the nonremovable app policy list. | @@ -3330,7 +3330,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. @@ -4045,7 +4045,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -4874,7 +4874,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -4952,7 +4952,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev | Value | Description | |:--|:--| -| 0 | App is not in the nonremovable app policy list. | +| 0 | App isn't in the nonremovable app policy list. | | 1 | App is included in the nonremovable app policy list. | @@ -5081,7 +5081,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. @@ -5590,7 +5590,7 @@ Description of last error relating to the app installation. -An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero). +An integer that indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. In provisioning, the value is always 0 (zero). @@ -5631,7 +5631,7 @@ An integer the indicates the progress of the app installation. For https locatio -Status of app installation. The following values are returned: NOT_INSTALLED (0) - The node was added, but the execution has not completed. INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success, this value is updated. FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription. INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear. +Status of app installation. The following values are returned: NOT_INSTALLED (0) - The node was added, but the execution hasn't completed. INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated. FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription. INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action hasn't completed, this state may briefly appear. @@ -5910,7 +5910,7 @@ This is a required node. -Category of license that is used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios. +Category of license that's used to classify various license sources. Valid value: Unknown - unknown license category. Retail - license sold through retail channels, typically from the Microsoft Store. Enterprise - license sold through the enterprise sales channel, typically from the Store for Business. OEM - license issued to an OEM. Developer - developer license, typically installed during the app development or side-loading scenarios. @@ -6663,7 +6663,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -7075,7 +7075,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -7172,7 +7172,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. @@ -7906,7 +7906,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -8315,7 +8315,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -8410,7 +8410,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. @@ -9208,7 +9208,7 @@ Name of the app. Value type is string. -Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package is not valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package is not available for use. It can still be serviced. +Provides information about the status of the package. Value type is int. Valid values are: OK (0) - The package is usable. LicenseIssue (1) - The license of the package isn't valid. Modified (2) - The package payload was modified by an unknown source. Tampered (4) - The package payload was tampered intentionally. Disabled (8) - The package isn't available for use. It can still be serviced. @@ -9619,7 +9619,7 @@ This is a required node. -Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. +Specify whether on a AMD64 device, across an app update, the architecture of the installed app mustn't change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. @@ -9714,7 +9714,7 @@ Interior node for the managing updates through the Microsoft Store. These settin -Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app. +Identifier for the app or set of apps. If there is only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 40e27332fe..f8230b10e8 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -108,7 +108,7 @@ Represents information associated with an eUICC. There is one subtree for each k -Actions that can be performed on the eUICC as a whole (when it is active). +Actions that can be performed on the eUICC as a whole (when it's active). @@ -609,7 +609,7 @@ Determines whether the local user interface of the LUI is available (true if ava -Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. +Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed. @@ -894,7 +894,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM -This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise). +This profile policy rule indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise). @@ -933,7 +933,7 @@ This profile policy rule indicates whether disabling of this profile is not allo -This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise). +This profile policy rule indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise). diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index e4a1048323..308aa06a7c 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -362,7 +362,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f -This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -412,7 +412,7 @@ This value is used as an on/off switch. If this value is false, authorized appli -This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used. @@ -462,7 +462,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -535,7 +535,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -585,7 +585,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display -This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -635,7 +635,7 @@ This value is an on/off switch. When this option is false, the server operates i -This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. @@ -685,7 +685,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is -This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If it's true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -735,7 +735,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult -This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -834,7 +834,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule isn't enforced for any reason. The merge law for this option is to let "on" values win. @@ -934,7 +934,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -984,7 +984,7 @@ This value is used as an on/off switch. If this value is false, global port fire -This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. @@ -1025,7 +1025,7 @@ This value is a string that represents a file path to the log where the firewall -This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. @@ -1155,7 +1155,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i -A list of dynamic keyword addresses for use within firewall rules. Dynamic keyword addresses can either be a simple alias object or fully-qualified domain names which will be auto-resolved in the presence of the Microsoft Defender Advanced Threat Protection Service. +A list of dynamic keyword addresses for use within firewall rules. Dynamic keyword addresses can either be a simple alias object or fully qualified domain names which will be auto-resolved in the presence of the Microsoft Defender Advanced Threat Protection Service. @@ -1236,7 +1236,7 @@ A unique GUID string identifier for this dynamic keyword address. -Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. +Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value shouldn't be set if AutoResolve is true. Valid tokens include: A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. A valid IPv6 address. @@ -1409,7 +1409,7 @@ A list of rules controlling traffic through the Windows Firewall. Each Rule ID i -Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). +Unique alpha numeric identifier for the rule. The rule name mustn't include a forward slash (/). @@ -2198,7 +2198,7 @@ Specifies the friendly name of the firewall rule. -Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". A PolicyAppId and ServiceName cannot be specified in the same rule. +Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". A PolicyAppId and ServiceName can't be specified in the same rule. @@ -2260,10 +2260,10 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Flag | Description | |:--|:--| | 0x1 | FW_PROFILE_TYPE_DOMAIN: This value represents the profile for networks that are connected to domains. | -| 0x2 | FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. | -| 0x4 | FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted. | +| 0x2 | FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they're in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. | +| 0x4 | FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator aren't trusted. | | 0x7FFFFFFF | FW_PROFILE_TYPE_ALL: This value represents all these network sets and any future network sets. | -| 0x80000000 | FW_PROFILE_TYPE_CURRENT: This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags. | +| 0x80000000 | FW_PROFILE_TYPE_CURRENT: This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it can't be combined with other flags. | @@ -2379,7 +2379,7 @@ Consists of one or more comma-delimited tokens specifying the remote addresses c "RemoteCorpNetwork" "Internet" "PlayToRenderers" -"LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive. +"LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. A valid IPv6 address. An IPv4 address range in the format of "start address - end address" with no spaces included. @@ -2541,7 +2541,7 @@ Provides information about the specific version of the rule in deployment for mo -This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. +This value contains the binary version of the structures and data types that are supported by the server. This value isn't merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that's supported only on servers that have a schema version of 0x0201. @@ -2580,7 +2580,7 @@ This value contains the binary version of the structures and data types that are -This value specifies how certificate revocation list (CRL) verification is enforced. The value MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. +This value specifies how certificate revocation list (CRL) verification is enforced. The value MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. @@ -2602,7 +2602,7 @@ This value specifies how certificate revocation list (CRL) verification is enfor | Value | Description | |:--|:--| | 0 | Disables CRL checking. | -| 1 | Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. | +| 1 | Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail. | | 2 | Means that checking is required and that certificate validation fails if any error is encountered during CRL processing. | @@ -2629,7 +2629,7 @@ This value specifies how certificate revocation list (CRL) verification is enfor -Value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law. +Value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it isn't merged and has no merge law. @@ -2717,7 +2717,7 @@ This value is an on/off switch. If off, the firewall performs stateful File Tran -This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a integer and is a combination of flags. A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. +This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is an integer and is a combination of flags. A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. @@ -2767,7 +2767,7 @@ This value specifies how scaling for the software on the receive side is enabled -This value configures IPsec exceptions and MUST be a combination of the valid flags that are defined in [IPSEC_EXEMPT_VALUES](/openspecs/windows_protocols/ms-fasp/7daabd9f-74c3-4295-add6-e2402b01b191); therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. +This value configures IPsec exceptions and MUST be a combination of the valid flags that are defined in [IPSEC_EXEMPT_VALUES](/openspecs/windows_protocols/ms-fasp/7daabd9f-74c3-4295-add6-e2402b01b191); therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. @@ -2819,7 +2819,7 @@ This value configures IPsec exceptions and MUST be a combination of the valid fl -This value is used as an on/off switch. When this option is false, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is true, keying modules MUST ignore only the authentication suites that they don't support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. +This value is used as an on/off switch. When this option is false, keying modules MUST ignore the entire authentication set if they don't support all of the authentication suites specified in the set. When this option is true, keying modules MUST ignore only the authentication suites that they don't support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. @@ -2867,7 +2867,7 @@ This value is used as an on/off switch. When this option is false, keying module -This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law. +This value contains the policy version of the policy store being managed. This value isn't merged and therefore, has no merge law. @@ -2906,7 +2906,7 @@ This value contains the policy version of the policy store being managed. This v -Value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build. +Value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build. @@ -2945,7 +2945,7 @@ Value that contains the maximum policy version that the server host can accept. -Specifies the preshared key encoding that is used. MUST be a valid value from the [PRESHARED_KEY_ENCODING_VALUES](/openspecs/windows_protocols/ms-fasp/b9d24a5e-7755-4c60-adeb-e0c7a718f909) enumeration. Default is 1 [UTF-8]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. +Specifies the preshared key encoding that's used. MUST be a valid value from the [PRESHARED_KEY_ENCODING_VALUES](/openspecs/windows_protocols/ms-fasp/b9d24a5e-7755-4c60-adeb-e0c7a718f909) enumeration. Default is 1 [UTF-8]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. @@ -2967,7 +2967,7 @@ Specifies the preshared key encoding that is used. MUST be a valid value from th | Value | Description | |:--|:--| -| 0 | FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0. | +| 0 | FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key isn't encoded. Instead, it's kept in its wide-character format. This symbolic constant has a value of 0. | | 1 (Default) | FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8: Encode the preshared key using UTF-8. This symbolic constant has a value of 1. | @@ -2994,7 +2994,7 @@ Specifies the preshared key encoding that is used. MUST be a valid value from th -This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. +This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. @@ -3074,7 +3074,7 @@ A list of rules controlling traffic through the Windows Firewall for Hyper-V con -Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). +Unique alpha numeric identifier for the rule. The rule name mustn't include a forward slash (/). @@ -3396,7 +3396,7 @@ Specifies the friendly name of the Hyper-V Firewall rule. -This value represents the order of rule enforcement. A lower priority rule is evaluated first. If not specified, block rules are evaluated before allow rules. If priority is configured, it is highly recommended to configure the value for ALL rules to ensure expected evaluation of rules. +This value represents the order of rule enforcement. A lower priority rule is evaluated first. If not specified, block rules are evaluated before allow rules. If priority is configured, it's highly recommended to configure the value for ALL rules to ensure expected evaluation of rules. @@ -3458,8 +3458,8 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Flag | Description | |:--|:--| | 0x1 | FW_PROFILE_TYPE_DOMAIN: This value represents the profile for networks that are connected to domains. | -| 0x2 | FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. | -| 0x4 | FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted. | +| 0x2 | FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they're in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. | +| 0x4 | FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator aren't trusted. | | 0x7FFFFFFF | FW_PROFILE_TYPE_ALL: This value represents all these network sets and any future network sets. | @@ -3820,7 +3820,7 @@ This value is used as an on/off switch. If this value is true, applicable host f -This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree. +This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It's recommended to instead use the profile setting value under the profile subtree. @@ -3870,7 +3870,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate -This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree. +This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It's recommended to instead use the profile setting value under the profile subtree. @@ -4157,7 +4157,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. -This value is an on/off switch for the Hyper-V Firewall. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree. +This value is an on/off switch for the Hyper-V Firewall. This value controls the settings for all profiles. It's recommended to instead use the profile setting value under the profile subtree. @@ -4867,7 +4867,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f -This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -4917,7 +4917,7 @@ This value is used as an on/off switch. If this value is false, authorized appli -This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used. @@ -4967,7 +4967,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5040,7 +5040,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5090,7 +5090,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display -This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5140,7 +5140,7 @@ This value is an on/off switch. When this option is false, the server operates i -This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. @@ -5190,7 +5190,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is -This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If it's true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5240,7 +5240,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult -This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5339,7 +5339,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule isn't enforced for any reason. The merge law for this option is to let "on" values win. @@ -5439,7 +5439,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5489,7 +5489,7 @@ This value is used as an on/off switch. If this value is false, global port fire -This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. @@ -5530,7 +5530,7 @@ This value is a string that represents a file path to the log where the firewall -This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. @@ -5760,7 +5760,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f -This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5810,7 +5810,7 @@ This value is used as an on/off switch. If this value is false, authorized appli -This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used. @@ -5860,7 +5860,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5933,7 +5933,7 @@ This value is the action that the firewall does by default (and evaluates at the -This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -5983,7 +5983,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display -This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -6033,7 +6033,7 @@ This value is an on/off switch. When this option is false, the server operates i -This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. @@ -6083,7 +6083,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is -This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If it's true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -6133,7 +6133,7 @@ This value is used as an on/off switch. If it is true, unicast responses to mult -This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -6232,7 +6232,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule isn't enforced for any reason. The merge law for this option is to let "on" values win. @@ -6332,7 +6332,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a -This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. @@ -6382,7 +6382,7 @@ This value is used as an on/off switch. If this value is false, global port fire -This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. @@ -6423,7 +6423,7 @@ This value is a string that represents a file path to the log where the firewall -This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured, otherwise the MdmStore value wins if it's configured, otherwise the local store value is used. diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 5448dcc273..ff69e90877 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -251,7 +251,7 @@ Provides the current protocol version that the client is using to communicate wi -Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service. +Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that's issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service. @@ -437,7 +437,7 @@ If there's more than one correlation ID, they're separated by ";" in the string. -Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service. +Identifies the fully qualified domain name (FQDN) of the DHA-Service that's assigned to perform attestation. If an FQDN isn't assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service. @@ -516,7 +516,7 @@ Returns the maximum protocol version that this client can support. -Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes. +Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that's generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes. diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index a7e7eb1dd9..dad05ffbd7 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -285,7 +285,7 @@ If not specified, the default built-in local administrator account will be locat If specified, the specified account's password will be managed. -Note if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting will not cause the account to be created. +Note if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting won't cause the account to be created. @@ -332,7 +332,7 @@ This setting is only honored when the Active Directory domain is at Windows Serv - If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before being stored in Active Directory. -- If this setting is disabled, or the Active Directory domain does not meet the DFL prerequisite, the password will be stored as clear-text in Active Directory. +- If this setting is disabled, or the Active Directory domain doesn't meet the DFL prerequisite, the password will be stored as clear-text in Active Directory. If not specified, this setting defaults to True. @@ -446,7 +446,7 @@ Use this setting to configure which directory the local admin account password i The allowable settings are: -0=Disabled (password will not be backed up) +0=Disabled (password won't be backed up) 1=Backup the password to Azure AD only 2=Backup the password to Active Directory only @@ -472,7 +472,7 @@ If not specified, this setting will default to 0. | Value | Description | |:--|:--| -| 0 (Default) | Disabled (password will not be backed up). | +| 0 (Default) | Disabled (password won't be backed up). | | 1 | Backup the password to Azure AD only. | | 2 | Backup the password to Active Directory only. | @@ -640,7 +640,7 @@ If not specified, this setting defaults to True. | Value | Description | |:--|:--| | false | Allow configured password expiration timestamp to exceed maximum password age. | -| true (Default) | Do not allow configured password expiration timestamp to exceed maximum password age. | +| true (Default) | Don't allow configured password expiration timestamp to exceed maximum password age. | diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 120a1757e9..c545e91306 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -107,7 +107,7 @@ Automatically detect settings. If enabled, the system tries to find the path to -Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections. +Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections. @@ -146,7 +146,7 @@ Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same -Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries. +Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses beginning with what's specified in this node. Use semicolons (;) to separate entries. @@ -248,7 +248,7 @@ Specifies whether the proxy server should be used for local (intranet) addresses | Value | Description | |:--|:--| | 0 (Default) | Use proxy server for local addresses. | -| 1 | Do not use proxy server for local addresses. | +| 1 | Don't use proxy server for local addresses. | diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index 4d33ae9f76..0d63aaf864 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -152,7 +152,7 @@ Character string representing the cache version set by the server. -List of nodes whose values do not match their expected values as specified in /NodeID/ExpectedValue. +List of nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. @@ -191,7 +191,7 @@ List of nodes whose values do not match their expected values as specified in /N -XML containing nodes whose values do not match their expected values as specified in /NodeID/ExpectedValue. +XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. @@ -269,7 +269,7 @@ Root node for cached nodes. -Information about each cached node is stored under NodeID as specified by the server. This value must not contain a comma. +Information about each cached node is stored under NodeID as specified by the server. This value mustn't contain a comma. @@ -524,7 +524,7 @@ Character string representing the cache version set by the server. -List of nodes whose values do not match their expected values as specified in /NodeID/ExpectedValue. +List of nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. @@ -563,7 +563,7 @@ List of nodes whose values do not match their expected values as specified in /N -XML containing nodes whose values do not match their expected values as specified in /NodeID/ExpectedValue. +XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. @@ -641,7 +641,7 @@ Root node for cached nodes. -Information about each cached node is stored under NodeID as specified by the server. This value must not contain a comma. +Information about each cached node is stored under NodeID as specified by the server. This value mustn't contain a comma. diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index b9eec47e30..a56f1e976a 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -100,7 +100,7 @@ The following list shows the PassportForWork configuration service provider node -This policy specifies the Tenant ID in the format of a Globally Unique Identifier (GUID) without curly braces ( { , } ), which will be used as part of Windows Hello for Business provisioning and management. +This policy specifies the Tenant ID in the format of a Globally Unique Identifier (GUID) without curly braces `{ }`, which will be used as part of Windows Hello for Business provisioning and management. @@ -180,7 +180,7 @@ Root node for policies. -Do not start Windows Hello provisioning after sign-in. +Don't start Windows Hello provisioning after sign-in. @@ -233,7 +233,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows - If you enable this policy setting, the PIN recovery secret will be stored on the device and the user will be able to change to a new PIN in case their PIN is forgotten. -- If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. +- If you disable or don't configure this policy setting, the PIN recovery secret won't be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. @@ -327,7 +327,7 @@ Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revis - If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. -- If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business. +- If you disable or don't configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business. @@ -421,7 +421,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. -If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. +If you don't configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -471,7 +471,7 @@ If you do not configure this policy setting, Windows Hello for Business requires -This policy specifies when the PIN expires (in days). Valid values are 0 to 730 inclusive. If this policy is set to 0, then PINs do not expire. +This policy specifies when the PIN expires (in days). Valid values are 0 to 730 inclusive. If this policy is set to 0, then PINs don't expire. @@ -512,7 +512,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 -This policy specifies the number of past PINs that can be stored in the history that can't be used. Valid values are 0 to 50 inclusive. If this policy is set to 0, then storage of previous PINs is not required. PIN history is not preserved through PIN reset. +This policy specifies the number of past PINs that can be stored in the history that can't be used. Valid values are 0 to 50 inclusive. If this policy is set to 0, then storage of previous PINs isn't required. PIN history isn't preserved through PIN reset. @@ -559,7 +559,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use lowercase letters in their PIN. @@ -613,10 +613,10 @@ Maximum PIN length configures the maximum number of characters allowed for the P - If you configure this policy setting, the PIN length must be less than or equal to this number. -- If you do not configure this policy setting, the PIN length must be less than or equal to 127. +- If you don't configure this policy setting, the PIN length must be less than or equal to 127. > [!NOTE] -> If the above specified conditions for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. +> If the above specified conditions for the maximum PIN length aren't met, default values will be used for both the maximum and minimum PIN lengths. @@ -661,10 +661,10 @@ Minimum PIN length configures the minimum number of characters required for the - If you configure this policy setting, the PIN length must be greater than or equal to this number. -- If you do not configure this policy setting, the PIN length must be greater than or equal to 4. +- If you don't configure this policy setting, the PIN length must be greater than or equal to 4. > [!NOTE] -> If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. +> If the above specified conditions for the minimum PIN length aren't met, default values will be used for both the maximum and minimum PIN lengths. @@ -711,7 +711,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use special characters in their PIN. @@ -767,7 +767,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use uppercase letters in their PIN. @@ -861,7 +861,7 @@ Boolean that specifies if phone sign-in can be used with a device. Phone sign-in Default value is false. - If you enable this setting, a desktop device will allow a registered, companion device to be used as an authentication factor. -- If you disable this setting, a companion device cannot be used in desktop authentication scenarios. +- If you disable this setting, a companion device can't be used in desktop authentication scenarios. @@ -912,11 +912,11 @@ Default value is false. -A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices. +A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it can't be used on other devices. - If you enable this policy setting, only devices with a usable TPM provision Windows Hello for Business. -- If you disable or do not configure this policy setting, the TPM is still preferred, but all devices provision Windows Hello for Business using software if the TPM is non-functional or unavailable. +- If you disable or don't configure this policy setting, the TPM is still preferred, but all devices provision Windows Hello for Business using software if the TPM is non-functional or unavailable. @@ -969,7 +969,7 @@ Windows Hello for Business can use certificates to authenticate to on-premise re - If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. -- If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload. +- If you disable or don't configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload. @@ -1022,7 +1022,7 @@ Boolean value that enables Windows Hello for Business to use Azure AD Kerberos t - If you enable this policy setting, Windows Hello for Business will use an Azure AD Kerberos ticket to authenticate to on-premises resources. The Azure AD Kerberos ticket is returned to the client after a successful authentication to Azure AD if Azure AD Kerberos is enabled for the tenant and domain. -- If you disable or do not configure this policy setting, Windows Hello for Business will use a key or certificate to authenticate to on-premises resources. +- If you disable or don't configure this policy setting, Windows Hello for Business will use a key or certificate to authenticate to on-premises resources. @@ -1074,7 +1074,7 @@ Boolean value that enables Windows Hello for Business to use Azure AD Kerberos t - If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates. -- If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. +- If you disable or don't configure this policy setting, applications don't use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in. @@ -1127,9 +1127,9 @@ Windows requires a user to lock and unlock their session after changing this set Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards. -- If you enable or do not configure this policy setting, the device provisions Windows Hello for Business for all users. +- If you enable or don't configure this policy setting, the device provisions Windows Hello for Business for all users. -- If you disable this policy setting, the device does not provision Windows Hello for Business for any user. +- If you disable this policy setting, the device doesn't provision Windows Hello for Business for any user. @@ -1217,7 +1217,7 @@ Root node for biometrics policies. -Enhanced Sign-in Security (ESS) isolates both biometric template data and matching operations to trusted hardware or specified memory regions, meaning the rest of the operating system cannot access or tamper with them. Because the channel of communication between the sensors and the algorithm is also secured, it is impossible for malware to inject or replay data in order to simulate a user signing in or to lock a user out of their machine. +Enhanced Sign-in Security (ESS) isolates both biometric template data and matching operations to trusted hardware or specified memory regions, meaning the rest of the operating system can't access or tamper with them. Because the channel of communication between the sensors and the algorithm is also secured, it's impossible for malware to inject or replay data in order to simulate a user signing in or to lock a user out of their machine. @@ -1277,11 +1277,11 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi This setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. -- If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. +- If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that don't support enhanced anti-spoofing. -- If you disable or do not configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. +- If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. -Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. +Note that enhanced anti-spoofing for Windows Hello face authentication isn't required on unmanaged devices. @@ -1334,7 +1334,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re Windows Hello for Business enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN gesture. However, users must still configure a PIN to use in case of failures. -- If you enable or do not configure this policy setting, Windows Hello for Business allows the use of biometric gestures. +- If you enable or don't configure this policy setting, Windows Hello for Business allows the use of biometric gestures. - If you disable this policy setting, Windows Hello for Business prevents the use of biometric gestures. @@ -1714,7 +1714,7 @@ Security Key. -Use security key for signin. 0 is disabled. 1 is enable. If you do not configure this policy setting, the default is disabled. +Use security key for signin. 0 is disabled. 1 is enable. If you don't configure this policy setting, the default is disabled. @@ -1771,7 +1771,7 @@ THIS NODE IS DEPRECATED AND WILL BE REMOVED IN A FUTURE VERSION. PLEASE USE Biom Windows Hello for Business enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN gesture. However, users must still configure a PIN to use in case of failures. -- If you enable or do not configure this policy setting, Windows Hello for Business allows the use of biometric gestures. +- If you enable or don't configure this policy setting, Windows Hello for Business allows the use of biometric gestures. - If you disable this policy setting, Windows Hello for Business prevents the use of biometric gestures. @@ -1825,7 +1825,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face -This policy specifies the Tenant ID in the format of a Globally Unique Identifier (GUID) without curly braces ( { , } ), which will be used as part of Windows Hello for Business provisioning and management. +This policy specifies the Tenant ID in the format of a Globally Unique Identifier (GUID) without curly braces `{ }`, which will be used as part of Windows Hello for Business provisioning and management. @@ -1909,7 +1909,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows - If you enable this policy setting, the PIN recovery secret will be stored on the device and the user will be able to change to a new PIN in case their PIN is forgotten. -- If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. +- If you disable or don't configure this policy setting, the PIN recovery secret won't be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. @@ -2003,7 +2003,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. -If you do not configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. +If you don't configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -2053,7 +2053,7 @@ If you do not configure this policy setting, Windows Hello for Business requires -This policy specifies when the PIN expires (in days). Valid values are 0 to 730 inclusive. If this policy is set to 0, then PINs do not expire. +This policy specifies when the PIN expires (in days). Valid values are 0 to 730 inclusive. If this policy is set to 0, then PINs don't expire. @@ -2094,7 +2094,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730 -This policy specifies the number of past PINs that can be stored in the history that can't be used. Valid values are 0 to 50 inclusive. If this policy is set to 0, then storage of previous PINs is not required. PIN history is not preserved through PIN reset. +This policy specifies the number of past PINs that can be stored in the history that can't be used. Valid values are 0 to 50 inclusive. If this policy is set to 0, then storage of previous PINs isn't required. PIN history isn't preserved through PIN reset. @@ -2141,7 +2141,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use lowercase letters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use lowercase letters in their PIN. @@ -2195,10 +2195,10 @@ Maximum PIN length configures the maximum number of characters allowed for the P - If you configure this policy setting, the PIN length must be less than or equal to this number. -- If you do not configure this policy setting, the PIN length must be less than or equal to 127. +- If you don't configure this policy setting, the PIN length must be less than or equal to 127. > [!NOTE] -> If the above specified conditions for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. +> If the above specified conditions for the maximum PIN length aren't met, default values will be used for both the maximum and minimum PIN lengths. @@ -2243,10 +2243,10 @@ Minimum PIN length configures the minimum number of characters required for the - If you configure this policy setting, the PIN length must be greater than or equal to this number. -- If you do not configure this policy setting, the PIN length must be greater than or equal to 4. +- If you don't configure this policy setting, the PIN length must be greater than or equal to 4. > [!NOTE] -> If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. +> If the above specified conditions for the minimum PIN length aren't met, default values will be used for both the maximum and minimum PIN lengths. @@ -2293,7 +2293,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use special characters in their PIN. @@ -2349,7 +2349,7 @@ A value of 1 corresponds to "Required." If you configure this policy setting to A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. -If you do not configure this policy setting, Windows Hello for Business does not allow users to use uppercase letters in their PIN. +If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use uppercase letters in their PIN. @@ -2399,11 +2399,11 @@ If you do not configure this policy setting, Windows Hello for Business does not -A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices. +A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it can't be used on other devices. - If you enable this policy setting, only devices with a usable TPM provision Windows Hello for Business. -- If you disable or do not configure this policy setting, the TPM is still preferred, but all devices provision Windows Hello for Business using software if the TPM is non-functional or unavailable. +- If you disable or don't configure this policy setting, the TPM is still preferred, but all devices provision Windows Hello for Business using software if the TPM is non-functional or unavailable. @@ -2454,9 +2454,9 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards. -- If you enable or do not configure this policy setting, the device provisions Windows Hello for Business for all users. +- If you enable or don't configure this policy setting, the device provisions Windows Hello for Business for all users. -- If you disable this policy setting, the device does not provision Windows Hello for Business for any user. +- If you disable this policy setting, the device doesn't provision Windows Hello for Business for any user. diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ec88461097..47182cc12f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -130,7 +130,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -257,7 +257,7 @@ The root node for grouping different configuration operations. -Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. +Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that's added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. @@ -736,7 +736,7 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. +The area group that can be configured by a single technology for a single provider. Once added, you can't change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index ff1c2283b4..fb9305bfb2 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -141,10 +141,10 @@ Specifies whether the user is allowed to use an MSA account for non-email relate Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant (wlidsvc) NT service. > [!NOTE] -> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See Feature updates are not being offered while other updates are. +> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See Feature updates aren't being offered while other updates are. > [!NOTE] -> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to "step-up" from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. +> If the MSA service is disabled, the Subscription Activation feature won't work properly and your users won't be able to "step-up" from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication can't be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. @@ -254,7 +254,7 @@ Most restricted value is 1. | Value | Description | |:--|:--| -| 0 (Default) | Allow both device and user authentication. Do not block user authentication. | +| 0 (Default) | Allow both device and user authentication. Don't block user authentication. | | 1 | Only allow device authentication. Block user authentication. | diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 35349050a0..f392d1166b 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -43,10 +43,10 @@ This policy setting determines which ActiveX installation sites standard users i - If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. -- If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. +- If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. > [!NOTE] -> Wild card characters cannot be used when specifying the host URLs. +> Wild card characters can't be used when specifying the host URLs. diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index e4e8dab7ca..bfdb343427 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -43,7 +43,7 @@ This policy setting controls the installation of ActiveX controls for sites in T - If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. -- If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. +- If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 1bac16752b..285f7a332a 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -43,11 +43,11 @@ Specifies the category of programs that appears when users open the "Add New Pro - If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. Users can use the Category box on the "Add New Programs" page to display programs in other categories. -To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. +To use this setting, type the name of a category in the Category box for this setting. You must enter a category that's already defined in Add or Remove Programs. To define a category, use Software Installation. -- If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. +- If you disable this setting or don't configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. -You can use this setting to direct users to the programs they are most likely to need. +You can use this setting to direct users to the programs they're most likely to need. > [!NOTE] > This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled. @@ -106,12 +106,12 @@ You can use this setting to direct users to the programs they are most likely to Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. -If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. +If you disable this setting or don't configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. -This setting does not prevent users from using other tools and methods to add or remove program components. +This setting doesn't prevent users from using other tools and methods to add or remove program components. > [!NOTE] -> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting. +> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users can't add programs from removable media, regardless of this setting. @@ -168,9 +168,9 @@ This setting does not prevent users from using other tools and methods to add or Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. -If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. +If you disable this setting or don't configure it, "Add programs from Microsoft" is available to all users. -This setting does not prevent users from using other tools and methods to connect to Windows Update. +This setting doesn't prevent users from using other tools and methods to connect to Windows Update. > [!NOTE] > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. @@ -234,9 +234,9 @@ This setting removes the "Add programs from your network" section from the Add N Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. -- If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. +- If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. -- If you disable this setting or do not configure it, "Add programs from your network" is available to all users. +- If you disable this setting or don't configure it, "Add programs from your network" is available to all users. > [!NOTE] > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. @@ -294,13 +294,13 @@ Published programs are those programs that the system administrator has explicit -Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. +Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users can't view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. -If you disable this setting or do not configure it, the Add New Programs button is available to all users. +If you disable this setting or don't configure it, the Add New Programs button is available to all users. -This setting does not prevent users from using other tools and methods to install programs. +This setting doesn't prevent users from using other tools and methods to install programs. @@ -361,11 +361,11 @@ This setting removes Add or Remove Programs from Control Panel and removes the A Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. -If you disable this setting or do not configure it, Add or Remove Programs is available to all users. +If you disable this setting or don't configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. -This setting does not prevent users from using other tools and methods to install or uninstall programs. +This setting doesn't prevent users from using other tools and methods to install or uninstall programs. @@ -420,15 +420,15 @@ This setting does not prevent users from using other tools and methods to instal -Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. +Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. -If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. +If you disable this setting or don't configure it, the Set Program Access and Defaults button is available to all users. -This setting does not prevent users from using other tools and methods to change program access or defaults. +This setting doesn't prevent users from using other tools and methods to change program access or defaults. -This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. +This setting doesn't prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. @@ -483,13 +483,13 @@ This setting does not prevent the Set Program Access and Defaults icon from appe -Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. +Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users can't view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. -If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. +If you disable this setting or don't configure it, the Change or Remove Programs page is available to all users. -This setting does not prevent users from using other tools and methods to delete or uninstall programs. +This setting doesn't prevent users from using other tools and methods to delete or uninstall programs. @@ -546,16 +546,16 @@ This setting does not prevent users from using other tools and methods to delete Prevents users from using Add or Remove Programs to configure installed services. -This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. +This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that haven't been configured and offers users easy access to the configuration tools. -- If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. +- If you disable this setting or don't configure it, "Set up services" appears only when there are unconfigured system services. - If you enable this setting, "Set up services" never appears. -This setting does not prevent users from using other methods to configure services. +This setting doesn't prevent users from using other methods to configure services. > [!NOTE] -> When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. +> When "Set up services" doesn't appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored. @@ -616,7 +616,7 @@ Removes links to the Support Info dialog box from programs on the Change or Remo Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. -If you disable this setting or do not configure it, the Support Info hyperlink appears. +If you disable this setting or don't configure it, the Support Info hyperlink appears. > [!NOTE] > Not all programs provide a support information hyperlink. @@ -674,13 +674,13 @@ If you disable this setting or do not configure it, the Support Info hyperlink a -Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. +Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. -If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. +If you disable this setting or don't configure it, the Add/Remove Windows Components button is available to all users. -This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. +This setting doesn't prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index f102251f4a..5e55ec1de2 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -43,7 +43,7 @@ Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on th You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. -If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run. +If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components can't run. If the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer. @@ -107,7 +107,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. -The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface. +The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus, but doesn't affect previous compatibility settings applied to application using this interface. @@ -229,11 +229,11 @@ This policy controls the state of the application compatibility engine in the sy The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem. -Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.) +Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and won't block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.) -The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fail to install or run properly. +The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations won't be applied to applications and their installers and these applications may fail to install or run properly. -This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential. +This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they're using. It's particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential. > [!NOTE] > Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system accurately reflects those changes. @@ -291,7 +291,7 @@ This option is useful to server administrators who require faster performance an -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -350,9 +350,9 @@ This policy setting controls the state of the Program Compatibility Assistant (P The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. -- If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. +- If you enable this policy setting, the PCA will be turned off. The user won't be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. -- If you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. +- If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. > [!NOTE] > The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. @@ -414,9 +414,9 @@ This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems. -- If you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled. +- If you enable this policy setting, the Inventory Collector will be turned off and data won't be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled. -- If you disable or do not configure this policy setting, the Inventory Collector will be turned on. +- If you disable or don't configure this policy setting, the Inventory Collector will be turned on. > [!NOTE] > This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off. @@ -480,9 +480,9 @@ Switchback is a mechanism that provides generic compatibility mitigations to old Switchback is on by default. -- If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using. +- If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they're using. -- If you disable or do not configure this policy setting, the Switchback will be turned on. +- If you disable or don't configure this policy setting, the Switchback will be turned on. Please reboot the system after changing the setting to ensure that your system accurately reflects those changes. @@ -545,7 +545,7 @@ Steps Recorder keeps a record of steps taken by the user. The data generated by - If you enable this policy setting, Steps Recorder will be disabled. -- If you disable or do not configure this policy setting, Steps Recorder will be enabled. +- If you disable or don't configure this policy setting, Steps Recorder will be enabled. diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 3150a63469..7fddb59d66 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -51,7 +51,7 @@ User profiles for the Guest account and members of the Guests group - If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile. -- If you disable or do not configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile. +- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile. diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 6879ce0186..a2a5bd54c3 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -104,9 +104,9 @@ This policy setting lets you turn on Content URI Rules to supplement the static This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type. -- If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file type; they can open files only in other Windows Store apps. +- If you enable this policy setting, Windows Store apps can't open files in the default desktop app for a file type; they can open files only in other Windows Store apps. -- If you disable or do not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type. +- If you disable or don't configure this policy setting, Windows Store apps can open files in the default desktop app for a file type. @@ -163,11 +163,11 @@ This policy setting lets you control whether Windows Store apps can open files u This policy setting controls whether Universal Windows apps with Windows Runtime API access directly from web content can be launched. -- If you enable this policy setting, Universal Windows apps which declare Windows Runtime API access in ApplicationContentUriRules section of the manifest cannot be launched; Universal Windows apps which have not declared Windows Runtime API access in the manifest are not affected. +- If you enable this policy setting, Universal Windows apps which declare Windows Runtime API access in ApplicationContentUriRules section of the manifest can't be launched; Universal Windows apps which haven't declared Windows Runtime API access in the manifest aren't affected. -- If you disable or do not configure this policy setting, all Universal Windows apps can be launched. +- If you disable or don't configure this policy setting, all Universal Windows apps can be launched. -This policy should not be enabled unless recommended by Microsoft as a security response because it can cause severe app compatibility issues. +This policy shouldn't be enabled unless recommended by Microsoft as a security response because it can cause severe app compatibility issues. @@ -228,12 +228,12 @@ This policy should not be enabled unless recommended by Microsoft as a security This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. -- If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. +- If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. -- If you disable or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. +- If you disable or don't configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. > [!NOTE] -> Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk. +> Enabling this policy setting doesn't block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk. diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index bb283b2f0f..4e3c88f316 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -51,7 +51,7 @@ Using both the file handler and type data is the most restrictive option. Window - If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. -- If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. +- If you don't configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. @@ -111,13 +111,13 @@ High Risk: If the attachment is in the list of high-risk file types and is from Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. -Low Risk: If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. +Low Risk: If the attachment is in the list of low-risk file types, Windows won't prompt the user before accessing the file, regardless of the file's zone information. - If you enable this policy setting, you can specify the default risk level for file types. - If you disable this policy setting, Windows sets the default risk level to moderate. -- If you do not configure this policy setting, Windows sets the default risk level to moderate. +- If you don't configure this policy setting, Windows sets the default risk level to moderate. @@ -177,7 +177,7 @@ This policy setting allows you to configure the list of high-risk file types. If - If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk. -- If you do not configure this policy setting, Windows uses its built-in list of high-risk file types. +- If you don't configure this policy setting, Windows uses its built-in list of high-risk file types. @@ -231,13 +231,13 @@ This policy setting allows you to configure the list of high-risk file types. If -This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). +This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows won't prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). - If you enable this policy setting, you can specify file types that pose a low risk. - If you disable this policy setting, Windows uses its default trust logic. -- If you do not configure this policy setting, Windows uses its default trust logic. +- If you don't configure this policy setting, Windows uses its default trust logic. @@ -297,7 +297,7 @@ This policy setting allows you to configure the list of moderate-risk file types - If you disable this policy setting, Windows uses its default trust logic. -- If you do not configure this policy setting, Windows uses its default trust logic. +- If you don't configure this policy setting, Windows uses its default trust logic. diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index c539a033db..f4093a84c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -45,7 +45,7 @@ This setting only applies when the Audit Process Creation policy is enabled. - If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. -- If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. +- If you disable or don't configure this policy setting, the process's command line information won't be included in Audit Process Creation events. Default: Not configured diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 3eba0e7cef..18ca7e97f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -41,12 +41,12 @@ ms.topic: reference This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default. -- If you enable this policy setting, the BITS client does not use Windows Branch Cache. +- If you enable this policy setting, the BITS client doesn't use Windows Branch Cache. -- If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache. +- If you disable or don't configure this policy setting, the BITS client uses Windows Branch Cache. > [!NOTE] -> This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely. +> This policy setting doesn't affect the use of Windows Branch Cache by applications other than BITS. This policy setting doesn't apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely. @@ -105,7 +105,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi - If you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers. -- If you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server. +- If you disable or don't configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server. > [!NOTE] > This policy setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured. @@ -167,7 +167,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi - If you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers. -- If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers. +- If you disable or don't configure this policy setting, the computer will offer downloaded and cached files to its peers. > [!NOTE] > This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured. @@ -229,9 +229,9 @@ This policy setting determines if the Background Intelligent Transfer Service (B If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server. -- If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect. +- If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it's possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect. -- If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server. +- If you disable or don't configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server. @@ -286,13 +286,13 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava -This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). +This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting doesn't affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. - If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching. -- If you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used. +- If you disable this policy setting or don't configure it, the default value of 30 percent of the slowest active network interface will be used. > [!NOTE] > This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured. @@ -349,13 +349,13 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers. +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that's used for background transfers. - If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A. M. to 10:00 A. M. on a maintenance schedule. -- If you disable or do not configure this policy setting, the limits defined for work or nonwork schedules will be used. +- If you disable or don't configure this policy setting, the limits defined for work or nonwork schedules will be used. > [!NOTE] > The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules. @@ -413,13 +413,13 @@ You can specify a limit to use for background jobs during a maintenance schedule -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and nonwork days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours. +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and nonwork days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that aren't defined in a work schedule are considered non-work hours. - If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low. You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A. M. to 5:00 P. M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. -- If you disable or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers. +- If you disable or don't configure this policy setting, BITS uses all available unused bandwidth for background job transfers. @@ -478,7 +478,7 @@ This policy setting limits the maximum amount of disk space that can be used for - If you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent. -- If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size. +- If you disable or don't configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size. > [!NOTE] > This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured. @@ -535,11 +535,11 @@ This policy setting limits the maximum amount of disk space that can be used for -This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days. +This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that haven't been accessed in the past 90 days. - If you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days. -- If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache. +- If you disable or don't configure this policy setting, files that haven't been accessed for the past 90 days will be removed from the peer cache. > [!NOTE] > This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not configured. @@ -604,7 +604,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds). - If you enable this policy setting, you can set the maximum job download time to a specified number of seconds. -- If you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used. +- If you disable or don't configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used. @@ -662,10 +662,10 @@ This policy setting limits the number of files that a BITS job can contain. By d - If you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number. -- If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain. +- If you disable or don't configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain. > [!NOTE] -> BITS Jobs created by services and the local administrator account do not count toward this limit. +> BITS Jobs created by services and the local administrator account don't count toward this limit. @@ -723,10 +723,10 @@ This policy setting limits the number of BITS jobs that can be created for all u - If you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number. -- If you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs. +- If you disable or don't configure this policy setting, BITS will use the default BITS job limit of 300 jobs. > [!NOTE] -> BITS jobs created by services and the local administrator account do not count toward this limit. +> BITS jobs created by services and the local administrator account don't count toward this limit. @@ -784,10 +784,10 @@ This policy setting limits the number of BITS jobs that can be created by a user - If you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number. -- If you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs. +- If you disable or don't configure this policy setting, BITS will use the default user BITS job limit of 300 jobs. > [!NOTE] -> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit. +> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting isn't configured. BITS jobs created by services and the local administrator account don't count toward this limit. @@ -845,10 +845,10 @@ This policy setting limits the number of ranges that can be added to a file in a - If you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number. -- If you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file. +- If you disable or don't configure this policy setting, BITS will limit ranges to 500 ranges per file. > [!NOTE] -> BITS Jobs created by services and the local administrator account do not count toward this limit. +> BITS Jobs created by services and the local administrator account don't count toward this limit. diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 27dfe4b48e..a36aa6c74c 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -43,7 +43,7 @@ This policy setting determines the cipher suites used by the Secure Socket Layer - If you enable this policy setting, SSL cipher suites are prioritized in the order specified. -- If you disable or do not configure this policy setting, default cipher suite order is used. +- If you disable or don't configure this policy setting, default cipher suite order is used. Link for all the cipherSuites: @@ -103,7 +103,7 @@ This policy setting determines the priority order of ECC curves used with ECDHE - If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line) -- If you disable or do not configure this policy setting, the default ECC curve order is used. +- If you disable or don't configure this policy setting, the default ECC curve order is used. Default Curve Order diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index dea711f95b..7f3c480db6 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. -Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs can't perform all their functions unless Windows has internally registered the required components. -- If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. +- If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it's found, downloads it. The resulting searches might make some programs start or run slowly. -- If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. +- If you disable or don't configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -104,11 +104,11 @@ This setting appears in the Computer Configuration and User Configuration folder This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. -Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs can't perform all their functions unless Windows has internally registered the required components. -- If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. +- If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it's found, downloads it. The resulting searches might make some programs start or run slowly. -- If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. +- If you disable or don't configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 1a2bd4c090..3ba5ac3aaf 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -46,12 +46,12 @@ If you enable this setting, you can select specific items not to display on the To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft. Mouse, Microsoft. System, or Microsoft. Personalization. > [!NOTE] -> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names can be found in MSDN by searching "Control Panel items". +> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item doesn't have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names can be found in MSDN by searching "Control Panel items". If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored. > [!NOTE] -> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. +> The Display Control Panel item can't be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. > [!NOTE] > To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. @@ -115,7 +115,7 @@ This policy setting controls the default Control Panel view, whether by category - If this policy setting is disabled, the Control Panel opens to the category view. -- If this policy setting is not configured, the Control Panel opens to the view used in the last Control Panel session. +- If this policy setting isn't configured, the Control Panel opens to the view used in the last Control Panel session. > [!NOTE] > Icon size is dependent upon what the user has set it to in the previous session. @@ -175,7 +175,7 @@ This policy setting controls the default Control Panel view, whether by category Disables all Control Panel programs and the PC settings app. -This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items. +This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users can't start Control Panel or PC settings, or run any of their items. This setting removes Control Panel from: The Start screen @@ -247,12 +247,12 @@ This policy setting controls which Control Panel items such as Mouse, System, or To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft. Mouse, Microsoft. System, or Microsoft. Personalization. > [!NOTE] -> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items". +> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item doesn't have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items". If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored. > [!NOTE] -> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. +> The Display Control Panel item can't be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. > [!NOTE] > To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index f33a05e04a..b67723e27d 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -41,7 +41,7 @@ ms.topic: reference Disables the Display Control Panel. -If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action. +If you enable this setting, the Display Control Panel doesn't run. When users try to start Display, a message appears explaining that a setting prevents the action. Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings. @@ -157,9 +157,9 @@ This setting prevents users from using Control Panel to add, configure, or chang This setting forces the theme color scheme to be the default color scheme. -- If you enable this setting, a user cannot change the color scheme of the current desktop theme. +- If you enable this setting, a user can't change the color scheme of the current desktop theme. -- If you disable or do not configure this setting, a user may change the color scheme of the current desktop theme. +- If you disable or don't configure this setting, a user may change the color scheme of the current desktop theme. For Windows 7 and later, use the "Prevent changing color and appearance" setting. @@ -218,12 +218,12 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting This setting disables the theme gallery in the Personalization Control Panel. -- If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off). +- If you enable this setting, users can't change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off). -- If you disable or do not configure this setting, there is no effect. +- If you disable or don't configure this setting, there is no effect. > [!NOTE] -> If you enable this setting but do not specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default. +> If you enable this setting but don't specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default. @@ -339,9 +339,9 @@ When enabled on Windows XP and later systems, this setting prevents users and ap Enables desktop screen savers. -- If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. +- If you disable this setting, screen savers don't run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users can't change the screen saver options. -- If you do not configure it, this setting has no effect on the system. +- If you don't configure it, this setting has no effect on the system. - If you enable it, a screen saver runs, provided the following two conditions hold: First, a valid screen saver on the client is specified through the "Screen Saver executable name" setting or through Control Panel on the client computer. Second, the screen saver timeout is set to a nonzero value through the setting or Control Panel. @@ -467,7 +467,7 @@ Prevents users from changing the size of the font in the windows and buttons dis - If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. -- If you disable or do not configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab. +- If you disable or don't configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab. @@ -526,7 +526,7 @@ Prevents users from changing the background image shown when the machine is lock By default, users can change the background image shown when the machine is locked or displaying the logon screen. -If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image. +If you enable this setting, the user won't be able to change their lock screen and logon image, and they will instead see the default image. @@ -585,7 +585,7 @@ Prevents users from changing the look of their start menu background, such as it By default, users can change the look of their start menu background, such as its color or accent. -If you enable this setting, the user will be assigned the default start menu background and colors and will not be allowed to change them. +If you enable this setting, the user will be assigned the default start menu background and colors and won't be allowed to change them. If the "Force a specific background and accent color" policy is also set on a supported version of Windows, then those colors take precedence over this policy. @@ -644,7 +644,7 @@ If the "Force a specific Start background" policy is also set on a supported ver -Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available. +Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature isn't available. This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows. @@ -834,9 +834,9 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t This policy setting controls whether the lock screen appears for users. -- If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC. +- If you enable this policy setting, users that aren't required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC. -- If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse. +- If you disable or don't configure this policy setting, users that aren't required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse. @@ -952,7 +952,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. -This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running. +This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It doesn't prevent a screen saver from running. @@ -1070,7 +1070,7 @@ Forces Windows to use the specified colors for the background and accent. The co By default, users can change the background and accent colors. -If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text. +If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users can't change those colors. This setting won't be applied if the specified colors don't meet a contrast ratio of 2:1 with white text. @@ -1127,11 +1127,11 @@ If this setting is enabled, the background and accent colors of Windows will be Determines whether screen savers used on the computer are password protected. - If you enable this setting, all screen savers are password protected. -- If you disable this setting, password protection cannot be set on any screen saver. +- If you disable this setting, password protection can't be set on any screen saver. This setting also disables the "Password protected" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting. -- If you do not configure this setting, users can choose whether or not to set password protection on each screen saver. +- If you don't configure this setting, users can choose whether or not to set password protection on each screen saver. To ensure that a computer will be password protected, enable the "Enable Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting. @@ -1193,7 +1193,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen Specifies how much user idle time must elapse before the screen saver is launched. -When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started. +When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver won't be started. This setting has no effect under any of the following circumstances: @@ -1263,14 +1263,14 @@ Specifies the screen saver for the user's desktop. - If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver. -- If you disable this setting or do not configure it, users can select any screen saver. +- If you disable this setting or don't configure it, users can select any screen saver. -- If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\System32 directory, type the fully qualified path to the file. +- If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file isn't in the %Systemroot%\System32 directory, type the fully qualified path to the file. -If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored. +If the specified screen saver isn't installed on a computer to which this setting applies, the setting is ignored. > [!NOTE] -> This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run. +> This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers don't run. @@ -1330,9 +1330,9 @@ If the specified screen saver is not installed on a computer to which this setti Specifies which theme file is applied to the computer the first time a user logs on. -- If you enable this setting, the theme that you specify will be applied when a new user logs on for the first time. This policy does not prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon. +- If you enable this setting, the theme that you specify will be applied when a new user logs on for the first time. This policy doesn't prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon. -- If you disable or do not configure this setting, the default theme will be applied at the first logon. +- If you disable or don't configure this setting, the default theme will be applied at the first logon. @@ -1392,16 +1392,16 @@ This can be a local computer visual style (aero.msstyles), or a file located on - If you enable this setting, the visual style file that you specify will be used. Also, a user may not apply a different visual style when changing themes. -- If you disable or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available). +- If you disable or don't configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available). > [!NOTE] -> If this setting is enabled and the file is not available at user logon, the default visual style is loaded. +> If this setting is enabled and the file isn't available at user logon, the default visual style is loaded. > [!NOTE] > When running Windows XP, you can select the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles > [!NOTE] -> To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style. +> To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you can't apply the Windows Classic visual style. @@ -1459,7 +1459,7 @@ Forces the Start screen to use one of the available backgrounds, 1 through 20, a If this setting is set to zero or not configured, then Start uses the default background, and users can change it. -If this setting is set to a nonzero value, then Start uses the specified background, and users cannot change it. If the specified background is not supported, the default background is used. +If this setting is set to a nonzero value, then Start uses the specified background, and users can't change it. If the specified background isn't supported, the default background is used. diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 3ed641d22f..30bfe07997 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -42,11 +42,11 @@ ms.topic: reference This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. > [!NOTE] -> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. +> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures don't exist, an empty frame is displayed. - If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. -- If you disable or do not configure this policy setting, users will be able to customize their account pictures. +- If you disable or don't configure this policy setting, users will be able to customize their account pictures. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index da3c48d8cb..2f1b2134df 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -43,9 +43,9 @@ This policy setting allows you to control whether a user can change the time bef - If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. -- If you disable this policy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. +- If you disable this policy setting, a user can't change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. -- If you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. +- If you don't configure this policy setting on a domain-joined device, a user can't change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. - If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. @@ -106,7 +106,7 @@ This policy setting allows the administrator to assign a specified credential pr - If you enable this policy setting, the specified credential provider is selected on other user tile. -- If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile. +- If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile. > [!NOTE] > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers. @@ -177,7 +177,7 @@ credential providers for different sets of credentials of the credential providers to exclude from the set of installed credential providers available for authentication purposes. -- If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes. +- If you disable or don't configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes. diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index cb03fe2782..e1aa6cdef1 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -47,7 +47,7 @@ This policy setting applies when server authentication was achieved by using a t The policy becomes effective the next time the user signs on to a computer running Windows. -- If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. +- If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. FWlink for KB: @@ -119,7 +119,7 @@ This policy setting applies when server authentication was achieved via NTLM. - If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). -- If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. +- If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -190,9 +190,9 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att If you enable this policy setting, CredSSP version support will be selected based on the following options: -Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note this setting should not be deployed until all remote hosts support the newest version. +Force Updated Clients: Client applications which use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. Note this setting shouldn't be deployed until all remote hosts support the newest version. -Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. +Mitigated: Client applications which use CredSSP won't be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. @@ -256,9 +256,9 @@ This policy setting applies when server authentication was achieved via a truste - If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). -- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +- If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -- If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. +- If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. @@ -328,9 +328,9 @@ This policy setting applies when server authentication was achieved via NTLM. - If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). -- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +- If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -- If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. +- If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -399,9 +399,9 @@ This policy setting applies when server authentication was achieved via a truste - If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). -- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +- If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -- If you disable this policy setting, delegation of saved credentials is not permitted to any machine. +- If you disable this policy setting, delegation of saved credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -470,9 +470,9 @@ This policy setting applies when server authentication was achieved via NTLM. - If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). -- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine. +- If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine isn't a member of any domain. If the client is domain-joined, by default the delegation of saved credentials isn't permitted to any machine. -- If you disable this policy setting, delegation of saved credentials is not permitted to any machine. +- If you disable this policy setting, delegation of saved credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -537,12 +537,12 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). -- If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows). +- If you enable this policy setting, you can specify the servers to which the user's default credentials can't be delegated (default credentials are those that you use when first logging on to Windows). -- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. +- If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server. > [!NOTE] -> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. +> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine @@ -606,12 +606,12 @@ This policy setting can be used in combination with the "Allow delegating defaul This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). -- If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application). +- If you enable this policy setting, you can specify the servers to which the user's fresh credentials can't be delegated (fresh credentials are those that you are prompted for when executing the application). -- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. +- If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server. > [!NOTE] -> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. +> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine @@ -675,12 +675,12 @@ This policy setting can be used in combination with the "Allow delegating fresh This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). -- If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). +- If you enable this policy setting, you can specify the servers to which the user's saved credentials can't be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). -- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. +- If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server. > [!NOTE] -> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. +> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine @@ -742,7 +742,7 @@ This policy setting can be used in combination with the "Allow delegating saved -When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device. +When running in Restricted Admin or Remote Credential Guard mode, participating apps don't expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials aren't delegated. Remote Credential Guard doesn't limit access to resources because it redirects all requests back to the client device. Participating apps: Remote Desktop Client @@ -755,13 +755,13 @@ Require Remote Credential Guard: Participating applications must use Remote Cred Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts. -- If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices. +- If you disable or don't configure this policy setting, Restricted Admin and Remote Credential Guard mode aren't enforced and participating apps can delegate credentials to remote devices. > [!NOTE] > To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation). > [!NOTE] -> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard. +> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions don't support Remote Credential Guard. diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index 34059f6af3..78a89322e1 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -46,7 +46,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi - If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. -- If you disable or do not configure this policy setting, users will enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials. +- If you disable or don't configure this policy setting, users will enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials. diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 7596bda38d..5ac2644ebe 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -41,7 +41,7 @@ ms.topic: reference This policy setting prevents users from changing their Windows password on demand. -If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. +If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del. However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. @@ -100,11 +100,11 @@ However, users are still able to change their password when prompted by the syst This policy setting prevents users from locking the system. -While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. +While locked, the desktop is hidden and the system can't be used. Only the user who locked the system or the system administrator can unlock it. -- If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del. +- If you enable this policy setting, users can't lock the computer from the keyboard using Ctrl+Alt+Del. -- If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. +- If you disable or don't configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. > [!TIP] > To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer. @@ -166,9 +166,9 @@ This policy setting prevents users from starting Task Manager. Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run. -- If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. +- If you enable this policy setting, users won't be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. -- If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. +- If you disable or don't configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. @@ -225,11 +225,11 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo This policy setting disables or removes all menu items and buttons that log the user off the system. -- If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. +- If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. Also, see the 'Remove Logoff on the Start Menu' policy setting. -- If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. +- If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 93a36d03d2..d7d17584e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -41,7 +41,7 @@ ms.topic: reference This policy setting defines the identifier used to uniquely associate this device's diagnostic data data as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. -If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data data with your organization. +If you disable or don't configure this policy setting, then Microsoft won't be able to use this identifier to associate this machine and its diagnostic data data with your organization. diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index c9cbf39829..7e0c8df5bb 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -41,11 +41,11 @@ ms.topic: reference Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. -- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application id (appid) in the "Define Activation Security Check exemptions" policy (if enabled), DCOM will look for an entry in the locally configured list. +- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application id (appid) in the "Define Activation Security Check exemptions" policy (if enabled), DCOM will look for an entry in the locally configured list. -- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list. +- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list. -- If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured. +- If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured. @@ -105,19 +105,19 @@ Allows you to view and change a list of DCOM server application ids (appids) whi DCOM server appids added to this policy must be listed in curly-brace format. For Example: `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors. -- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. +- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1, DCOM won't enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. - If you disable this policy setting, the appid exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. -- If you do not configure this policy setting, the appid exemption list defined by local computer administrators is used. +- If you don't configure this policy setting, the appid exemption list defined by local computer administrators is used. Note: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. -If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid. +If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would've previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid. -DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if present. +DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if present. diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index c4fca8d7e4..5c2b83f315 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -43,9 +43,9 @@ Displays the filter bar above the results of an Active Directory search. The fil - If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it. -- If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu. +- If you disable this setting or don't configure it, the filter bar doesn't appear, but users can display it by selecting "Filter" on the "View" menu. -To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter. +To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar doesn't appear above the resulting display, on the View menu, click Filter. @@ -104,9 +104,9 @@ Hides the Active Directory folder in Network Locations. The Active Directory folder displays Active Directory objects in a browse window. -- If you enable this setting, the Active Directory folder does not appear in the Network Locations folder. +- If you enable this setting, the Active Directory folder doesn't appear in the Network Locations folder. -- If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder. +- If you disable this setting or don't configure it, the Active Directory folder appears in the Network Locations folder. This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory. @@ -167,7 +167,7 @@ Specifies the maximum number of objects the system displays in response to a com - If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search. -- If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. +- If you disable this setting or don't configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. This setting is designed to protect the network and the domain controller from the effect of expansive searches. @@ -227,7 +227,7 @@ Enables Active Desktop and prevents users from disabling it. This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. -If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. +If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it. > [!NOTE] > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored. @@ -289,7 +289,7 @@ Disables Active Desktop and prevents users from enabling it. This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. -If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. +If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it. > [!NOTE] > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored. @@ -349,7 +349,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration. -This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. +This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users can't enable or disable Active Desktop. If Active Desktop is already enabled, users can't add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. @@ -410,7 +410,7 @@ This is a comprehensive setting that locks down the configuration you establish Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations. -Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent. +Removing icons and shortcuts doesn't prevent the user from using another method to start the programs or opening the items they represent. Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop. @@ -469,12 +469,12 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T Prevents users from using the Desktop Cleanup Wizard. -- If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard. +- If you enable this setting, the Desktop Cleanup wizard doesn't automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard. -- If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs. +- If you disable this setting or don't configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs. > [!NOTE] -> When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button. +> When this setting isn't enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button. @@ -531,7 +531,7 @@ Prevents users from using the Desktop Cleanup Wizard. Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar. -This setting does not prevent the user from starting Internet Explorer by using other methods. +This setting doesn't prevent the user from starting Internet Explorer by using other methods. @@ -592,10 +592,10 @@ This setting hides Computer from the desktop and from the new Start menu. It als - If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting. -- If you do not configure this setting, the default is to display Computer as usual. +- If you don't configure this setting, the default is to display Computer as usual. > [!NOTE] -> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled. +> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents doesn't hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled. @@ -654,9 +654,9 @@ Removes most occurrences of the My Documents icon. This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. -This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder. +This setting doesn't prevent the user from using other methods to gain access to the contents of the My Documents folder. -This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. +This setting doesn't remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. > [!NOTE] > To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional. @@ -716,7 +716,7 @@ This setting does not remove the My Documents icon from the Start menu. To do so Removes the Network Locations icon from the desktop. -This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network. +This setting only affects the desktop icon. It doesn't prevent users from connecting to the network or browsing for shared computers on the network. > [!NOTE] > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon. @@ -776,9 +776,9 @@ This setting only affects the desktop icon. It does not prevent users from conne This setting hides Properties on the context menu for Computer. -- If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected. +- If you enable this setting, the Properties option won't be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected. -- If you disable or do not configure this setting, the Properties option is displayed as usual. +- If you disable or don't configure this setting, the Properties option is displayed as usual. @@ -835,13 +835,13 @@ This setting hides Properties on the context menu for Computer. This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. -- If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following: +- If you enable this policy setting, the Properties menu command won't be displayed when the user does any of the following: Right-clicks the My Documents icon. Clicks the My Documents icon, and then opens the File menu. Clicks the My Documents icon, and then presses ALT+ENTER. -- If you disable or do not configure this policy setting, the Properties menu command is displayed. +- If you disable or don't configure this policy setting, the Properties menu command is displayed. @@ -896,11 +896,11 @@ Clicks the My Documents icon, and then presses ALT+ENTER. -Remote shared folders are not added to Network Locations whenever you open a document in the shared folder. +Remote shared folders aren't added to Network Locations whenever you open a document in the shared folder. -- If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. +- If you disable this setting or don't configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. -- If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder. +- If you enable this setting, shared folders aren't added to Network Locations automatically when you open a document in the shared folder. @@ -959,7 +959,7 @@ Removes most occurrences of the Recycle Bin icon. This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. -This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder. +This setting doesn't prevent the user from using other methods to gain access to the contents of the Recycle Bin folder. > [!NOTE] > To make changes to this setting effective, you must log off and then log back on. @@ -1019,9 +1019,9 @@ This setting does not prevent the user from using other methods to gain access t Removes the Properties option from the Recycle Bin context menu. -- If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. +- If you enable this setting, the Properties option won't be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. -- If you disable or do not configure this setting, the Properties option is displayed as usual. +- If you disable or don't configure this setting, the Properties option is displayed as usual. @@ -1078,7 +1078,7 @@ Removes the Properties option from the Recycle Bin context menu. Prevents users from saving certain changes to the desktop. -If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved. +If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, aren't saved when users log off. However, shortcuts placed on the desktop are always saved. @@ -1135,9 +1135,9 @@ If you enable this setting, users can change the desktop, but some changes, such Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. -- If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse. +- If you enable this policy, application windows won't be minimized or restored when the active window is shaken back and forth with the mouse. -- If you disable or do not configure this policy, this window minimizing and restoring gesture will apply. +- If you disable or don't configure this policy, this window minimizing and restoring gesture will apply. @@ -1199,7 +1199,7 @@ You can use the "Add" box in this setting to add particular Web-based items or s You can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed. > [!NOTE] -> Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again. +> Removing an item from the "Add" list for this setting isn't the same as deleting it. Items that are removed from the "Add" list aren't removed from the desktop. They are simply not added again. > [!NOTE] > For this setting to take affect, you must log off and log on to the system. @@ -1258,7 +1258,7 @@ You can also use this setting to delete particular Web-based items from users' d Prevents users from adding Web content to their Active Desktop. -This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content. +This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. This setting doesn't remove existing Web content from their Active Desktop, or prevent users from removing existing Web content. Also, see the "Disable all items" setting. @@ -1317,12 +1317,12 @@ Also, see the "Disable all items" setting. Prevents users from removing Web content from their Active Desktop. -In Active Desktop, you can add items to the desktop but close them so they are not displayed. +In Active Desktop, you can add items to the desktop but close them so they aren't displayed. -If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel. +If you enable this setting, items added to the desktop can't be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel. > [!NOTE] -> This setting does not prevent users from deleting items from their Active Desktop. +> This setting doesn't prevent users from deleting items from their Active Desktop. @@ -1381,7 +1381,7 @@ Prevents users from deleting Web content from their Active Desktop. This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop. -This setting does not prevent users from adding Web content to their Active Desktop. +This setting doesn't prevent users from adding Web content to their Active Desktop. Also, see the "Prohibit closing items" and "Disable all items" settings. @@ -1440,7 +1440,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. Prevents users from changing the properties of Web content items on their Active Desktop. -This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics. +This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users can't change the properties of an item, such as its synchronization schedule, password, or display characteristics. @@ -1497,10 +1497,10 @@ This setting disables the Properties button on the Web tab in Display in Control Removes Active Desktop content and prevents users from adding Active Desktop content. -This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. +This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. > [!NOTE] -> This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper. +> This setting doesn't disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper. @@ -1557,7 +1557,7 @@ This setting removes all Active Desktop items from the desktop. It also removes Prevents users from manipulating desktop toolbars. -If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars. +If you enable this setting, users can't add or remove toolbars from the desktop. Also, users can't drag toolbars on to or off of docked toolbars. > [!NOTE] > If users have added or removed toolbars, this setting prevents them from restoring the default configuration. @@ -1620,9 +1620,9 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. -Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars. +Prevents users from adjusting the length of desktop toolbars. Also, users can't reposition items or toolbars on docked toolbars. -This setting does not prevent users from adding or removing toolbars on the desktop. +This setting doesn't prevent users from adding or removing toolbars on the desktop. > [!NOTE] > If users have adjusted their toolbars, this setting prevents them from restoring the default configuration. @@ -1682,7 +1682,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool -Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". +Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper doesn't load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings. @@ -1743,14 +1743,14 @@ Specifies the desktop background ("wallpaper") displayed on all users' desktops. This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file. -To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification. +To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file isn't available when the user logs on, no wallpaper is displayed. Users can't specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users can't change this specification. -If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice. +If you disable this setting or don't configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice. Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel. > [!NOTE] -> This setting does not apply to remote desktop server sessions. +> This setting doesn't apply to remote desktop server sessions. diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 9db0d92210..61e0d5e8c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -43,7 +43,7 @@ ms.topic: reference Deploy Windows Defender Application Control -This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine. +This policy setting lets you deploy a Code Integrity Policy to a machine to control what's allowed to run on that machine. If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. To enable this policy the machine must be rebooted. diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 8505373616..17c29621cf 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -45,7 +45,7 @@ This policy setting allows you to determine whether members of the Administrator - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation. +- If you disable or don't configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation. @@ -104,7 +104,7 @@ This policy setting allows you to display a custom message to users in a notific - If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation. -- If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation. +- If you disable or don't configure this policy setting, Windows displays a default message when a policy setting prevents device installation. @@ -162,7 +162,7 @@ This policy setting allows you to display a custom message title in a notificati - If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation. -- If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation. +- If you disable or don't configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation. @@ -220,7 +220,7 @@ This policy setting allows you to configure the number of seconds Windows waits - If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation. -- If you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation. +- If you disable or don't configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation. @@ -278,10 +278,10 @@ This policy setting establishes the amount of time (in seconds) that the system - If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot. -- If you disable or do not configure this policy setting, the system does not force a reboot. +- If you disable or don't configure this policy setting, the system doesn't force a reboot. > [!NOTE] -> If no reboot is forced, the device installation restriction right will not take effect until the system is restarted. +> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted. @@ -336,16 +336,16 @@ This policy setting establishes the amount of time (in seconds) that the system -This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device. +This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device. > [!NOTE] > To enable the "Allow installation of devices using drivers that match these device setup classes", "Allow installation of devices that match any of these device IDs", and "Allow installation of devices that match any of these device instance IDs" policy settings to supersede this policy setting for applicable devices, enable the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting. -- If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. +- If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices can't have their drivers updated. - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, Windows can install and update driver packages for removable devices as allowed or prevented by other policy settings. +- If you disable or don't configure this policy setting, Windows can install and update driver packages for removable devices as allowed or prevented by other policy settings. @@ -402,9 +402,9 @@ This policy setting allows you to prevent Windows from installing removable devi This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. -- If you enable this policy setting, Windows does not create a system restore point when one would normally be created. +- If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created. -- If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would. +- If you disable or don't configure this policy setting, Windows creates a system restore point as it normally would. @@ -463,7 +463,7 @@ This policy setting specifies a list of device setup class GUIDs describing driv - If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store. -- If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new driver packages on the system. +- If you disable or don't configure this policy setting, only members of the Administrators group are allowed to install new driver packages on the system. diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 0e5fd54ad3..031a59b0a8 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting allows you to turn off "Found New Hardware" balloons during device installation. -- If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed. +- If you enable this policy setting, "Found New Hardware" balloons don't appear while a device is being installed. -- If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons. +- If you disable or don't configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons. @@ -102,11 +102,11 @@ This policy setting allows you to specify the order in which Windows searches so - If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. -Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. +Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. -If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system. +If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system. -- If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. +- If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index 99488e0ff1..da7f64566e 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -43,7 +43,7 @@ This policy setting allows you to configure how often a Distributed File System - If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes. -- If you disable or do not configure this policy setting, the default value of 15 minutes applies. +- If you disable or don't configure this policy setting, the default value of 15 minutes applies. > [!NOTE] > The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied. diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index c6b4af938a..dca7129486 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -43,9 +43,9 @@ Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. -- If you enable this setting, Digital Locker will not run. +- If you enable this setting, Digital Locker won't run. -- If you disable or do not configure this setting, Digital Locker can be run. +- If you disable or don't configure this setting, Digital Locker can be run. @@ -104,9 +104,9 @@ Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. -- If you enable this setting, Digital Locker will not run. +- If you enable this setting, Digital Locker won't run. -- If you disable or do not configure this setting, Digital Locker can be run. +- If you disable or don't configure this setting, Digital Locker can be run. diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 176eaad89f..b9739f1a11 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -43,14 +43,14 @@ This policy setting substitutes custom alert text in the disk diagnostic message - If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. +- If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] -> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role isn't installed. @@ -112,16 +112,16 @@ Self-Monitoring And Reporting Technology (S. M. A. R. T.) is a standard mechanis - If you disable this policy, S. M. A. R. T. faults are still detected and logged, but no corrective action is taken. -- If you do not configure this policy setting, the DPS enables S. M. A. R. T. fault resolution by default. +- If you don't configure this policy setting, the DPS enables S. M. A. R. T. fault resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] -> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role isn't installed. diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 680d5e448b..8effe588c4 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. -- If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume. +- If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume. - If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate. -- If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. +- If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. > [!NOTE] > This policy setting is applicable only if the NV cache feature is on. @@ -105,11 +105,11 @@ This policy setting turns off the boot and resume optimizations for the hybrid h This policy setting turns off power save mode on the hybrid hard disks in the system. -- If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved. +- If you enable this policy setting, the hard disks aren't put into NV cache power save mode and no power savings are achieved. - If you disable this policy setting, the hard disks are put into an NV cache power saving mode. In this mode, the system tries to save power by aggressively spinning down the disk. -- If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. +- If you don't configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. > [!NOTE] > This policy setting is applicable only if the NV cache feature is on. @@ -169,14 +169,14 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. -- If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. +- If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode. - If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. > [!NOTE] > This policy setting will take effect on next boot. -- If you do not configure this policy setting, the default behavior is to turn on support for the NV cache. +- If you don't configure this policy setting, the default behavior is to turn on support for the NV cache. @@ -237,7 +237,7 @@ This policy setting turns off the solid state mode for the hybrid hard disks. - If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. Note that this can cause increased wear of the NV cache. -- If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. +- If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. > [!NOTE] > This policy setting is applicable only if the NV cache feature is on. diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index 50d89026b3..ffc46e0daf 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -41,16 +41,16 @@ ms.topic: reference This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. -- If you enable this policy setting, disk quota management is turned on, and users cannot turn it off. +- If you enable this policy setting, disk quota management is turned on, and users can't turn it off. -- If you disable the policy setting, disk quota management is turned off, and users cannot turn it on. +- If you disable the policy setting, disk quota management is turned off, and users can't turn it on. -- If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on. +- If this policy setting isn't configured, disk quota management is turned off by default, but administrators can turn it on. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. > [!NOTE] -> This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. +> This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. > [!NOTE] > To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management." @@ -111,9 +111,9 @@ To prevent users from changing the setting while a setting is in effect, the sys This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. - If you enable this policy setting, disk quota limits are enforced. -- If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the setting is in effect. +- If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators can't make changes while the setting is in effect. -- If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting. +- If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available. @@ -182,13 +182,13 @@ This policy setting determines how much disk space can be used by each user on e This setting overrides new users' settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. -This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). +This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). -If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. +If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. -When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group. +When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. -This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. +This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. @@ -245,13 +245,13 @@ This policy setting is effective only when disk quota management is enabled on t This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting. - If you enable this policy setting, the system records an event when the user reaches their limit. -- If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect. +- If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. -- If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. +- If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. -Also, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes. +Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. > [!NOTE] > To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. @@ -312,11 +312,11 @@ Also, this policy setting does not affect the Quota Entries window on the Quota This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume. - If you enable this policy setting, the system records an event. -- If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect. +- If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect. -- If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. +- If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. -This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes. +This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. > [!NOTE] > To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. @@ -376,7 +376,7 @@ This policy setting does not affect the Quota Entries window on the Quota tab. E This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media. -If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. +If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. > [!NOTE] > When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media. diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index d58880ef87..9029d36c4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -39,7 +39,7 @@ ms.topic: reference -Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain. +Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 8b260020c7..a05adfaa5a 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -43,7 +43,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie - If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names such as "www.example.com" in addition to single-label names. -- If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as "example" and not for multi-label and fully qualified domain names. +- If you disable this policy setting, or if you don't configure this policy setting, NetBT queries will only be issued for single-label names such as "example" and not for multi-label and fully qualified domain names. @@ -110,7 +110,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix - If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails. -- If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names. +- If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names. @@ -171,7 +171,7 @@ To use this policy setting, click Enabled, and then enter a string value represe - If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. +- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. @@ -231,9 +231,9 @@ With devolution, a DNS client creates queries by appending a single-label, unqua The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. -Devolution is not enabled if a global suffix search list is configured using Group Policy. +Devolution isn't enabled if a global suffix search list is configured using Group Policy. -If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: +If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. @@ -241,13 +241,13 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. -For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. +For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. - If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify. -- If this policy setting is disabled, or if this policy setting is not configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled. +- If this policy setting is disabled, or if this policy setting isn't configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled. @@ -304,9 +304,9 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured. -- If this policy setting is enabled, IDNs are not converted to Punycode. +- If this policy setting is enabled, IDNs aren't converted to Punycode. -- If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured. +- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured. @@ -365,7 +365,7 @@ Specifies whether the DNS client should convert internationalized domain names ( - If this policy setting is enabled, IDNs are converted to the Nameprep form. -- If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form. +- If this policy setting is disabled, or if this policy setting isn't configured, IDNs aren't converted to the Nameprep form. @@ -426,7 +426,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list - If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. +- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. @@ -480,11 +480,11 @@ To use this policy setting, click Enabled, and then enter a space-delimited list -Specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). +Specifies that responses from link local name resolution protocols received over a network interface that's higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). - If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order. -- If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order. +- If you disable this policy setting, or if you don't configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order. > [!NOTE] > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured. @@ -553,7 +553,7 @@ To use this policy setting, click Enabled and enter the entire primary DNS suffi You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix. -- If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. +- If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined. @@ -618,7 +618,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso > [!IMPORTANT] > This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. -- If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix. +- If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix. @@ -681,13 +681,13 @@ By default, DNS clients configured to perform dynamic DNS registration will atte To use this policy setting, click Enabled, and then select one of the following options from the drop-down list: -Do not register: Computers will not attempt to register PTR resource records. +Don't register: Computers won't attempt to register PTR resource records. -Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful. +Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful. Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings. +- If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings. @@ -743,7 +743,7 @@ Register only if A record registration succeeds: Computers will attempt to regis Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. -- If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled. +- If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled. - If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections. @@ -802,13 +802,13 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. -This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers. +This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers. -During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address. +During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address. -- If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update. +- If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update. -- If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer. +- If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer. @@ -865,7 +865,7 @@ During dynamic update of resource records in a zone that does not use Secure Dyn Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates. -Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. +Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records. > [!WARNING] > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. @@ -874,7 +874,7 @@ To specify the registration refresh interval, click Enabled and then enter a val - If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. +- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. @@ -934,7 +934,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example - If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). +- If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). @@ -998,7 +998,7 @@ To use this policy setting, click Enabled, and then enter a string value represe - If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried. -- If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. +- If you disable this policy setting, or if you don't configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. @@ -1054,9 +1054,9 @@ To use this policy setting, click Enabled, and then enter a string value represe Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept. -- If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. +- If you enable this policy setting, the DNS client won't perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. -- If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries. +- If you disable this policy setting, or if you don't configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries. @@ -1115,7 +1115,7 @@ Specifies that the DNS client should prefer responses from link local name resol - If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. -- If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. > [!NOTE] > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured. @@ -1185,7 +1185,7 @@ Only secure - computers send only secure dynamic updates. - If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. -- If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. +- If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. @@ -1241,11 +1241,11 @@ Only secure - computers send only secure dynamic updates. Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com." -By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. +By default, a DNS client that's configured to perform dynamic DNS update will update the DNS zone that's authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. -- If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone. +- If you enable this policy setting, computers send dynamic updates to any zone that's authoritative for the resource records that the computer needs to update, except the root zone. -- If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update. +- If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update. @@ -1306,9 +1306,9 @@ With devolution, a DNS client creates queries by appending a single-label, unqua The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. -Devolution is not enabled if a global suffix search list is configured using Group Policy. +Devolution isn't enabled if a global suffix search list is configured using Group Policy. -If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: +If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. @@ -1316,13 +1316,13 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. -For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two. +For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two. -- If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix. +- If you enable this policy setting, or if you don't configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix. -- If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. +- If you disable this policy setting, DNS clients don't attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. @@ -1379,11 +1379,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the Specifies that link local multicast name resolution (LLMNR) is disabled on client computers. -LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible. +LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible. - If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer. -- If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters. +- If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters. diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 78db3acd1f..e4a0ac56f6 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -39,14 +39,14 @@ ms.topic: reference -This policy setting controls the default color for window frames when the user does not specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -- If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. +- If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -- If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. +- If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] -> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that can't be changed by users. @@ -101,14 +101,14 @@ This policy setting controls the default color for window frames when the user d -This policy setting controls the default color for window frames when the user does not specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -- If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. +- If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -- If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. +- If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] -> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that can't be changed by users. @@ -167,7 +167,7 @@ This policy setting controls the appearance of window animations such as those f - If you enable this policy setting, window animations are turned off. -- If you disable or do not configure this policy setting, window animations are turned on. +- If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied. @@ -228,7 +228,7 @@ This policy setting controls the appearance of window animations such as those f - If you enable this policy setting, window animations are turned off. -- If you disable or do not configure this policy setting, window animations are turned on. +- If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied. @@ -289,10 +289,10 @@ This policy setting controls the ability to change the color of window frames. - If you enable this policy setting, you prevent users from changing the default window frame color. -- If you disable or do not configure this policy setting, you allow users to change the default window frame color. +- If you disable or don't configure this policy setting, you allow users to change the default window frame color. > [!NOTE] -> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that can't be changed by users. @@ -351,10 +351,10 @@ This policy setting controls the ability to change the color of window frames. - If you enable this policy setting, you prevent users from changing the default window frame color. -- If you disable or do not configure this policy setting, you allow users to change the default window frame color. +- If you disable or don't configure this policy setting, you allow users to change the default window frame color. > [!NOTE] -> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that can't be changed by users. diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index f6800a18e5..41b87fc7cd 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -41,14 +41,14 @@ ms.topic: reference This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists. -- If you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exists. +- If you enable this policy setting, Non-Publishing Standard Glyph isn't included in the candidate list when Publishing Standard Glyph for the word exists. -- If you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list. +- If you disable or don't configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list. This policy setting applies to Japanese Microsoft IME only. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -119,12 +119,12 @@ This policy setting allows you to restrict character code range of conversion by 0x1000 // IVS char 0xFFFF // no definition. -- If you disable or do not configure this policy setting, no range of characters are filtered by default. +- If you disable or don't configure this policy setting, no range of characters are filtered by default. This policy setting applies to Japanese Microsoft IME only. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -180,9 +180,9 @@ This policy setting applies to Japanese Microsoft IME only. This policy setting allows you to turn off the ability to use a custom dictionary. -- If you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion. +- If you enable this policy setting, you can't add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion. -- If you disable or do not configure this policy setting, the custom dictionary can be used by default. +- If you disable or don't configure this policy setting, the custom dictionary can be used by default. [Clear auto-tuning information] removes self-tuned words from the custom dictionary, even if a group policy setting is turned on. To do this, select Settings > Time & Language > Japanese Options > Microsoft IME Options. If compatibility mode is turned on, select Advanced options > Dictionary/Auto-tuning > [Clear auto-tuning information]. @@ -191,7 +191,7 @@ This policy setting allows you to turn off the ability to use a custom dictionar This policy setting is applied to Japanese Microsoft IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -250,12 +250,12 @@ This policy setting allows you to turn off history-based predictive input. - If you enable this policy setting, history-based predictive input is turned off. -- If you disable or do not configure this policy setting, history-based predictive input is on by default. +- If you disable or don't configure this policy setting, history-based predictive input is on by default. This policy setting applies to Japanese Microsoft IME only. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -314,14 +314,14 @@ This policy setting allows you to turn off Internet search integration. Search integration includes both using Search Provider (Japanese Microsoft IME) and performing bing search from predictive input for Japanese Microsoft IME. -- If you enable this policy setting, you cannot use search integration. +- If you enable this policy setting, you can't use search integration. -- If you disable or do not configure this policy setting, the search integration function can be used by default. +- If you disable or don't configure this policy setting, the search integration function can be used by default. This policy setting applies to Japanese Microsoft IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -378,11 +378,11 @@ This policy setting applies to Japanese Microsoft IME. This policy setting allows you to turn off Open Extended Dictionary. -- If you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary. +- If you enable this policy setting, Open Extended Dictionary is turned off. You can't add a new Open Extended Dictionary. -For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is not used for conversion. +For Japanese Microsoft IME, an Open Extended Dictionary that's added before enabling this policy setting isn't used for conversion. -- If you disable or do not configure this policy setting, Open Extended Dictionary can be added and used by default. +- If you disable or don't configure this policy setting, Open Extended Dictionary can be added and used by default. This policy setting is applied to Japanese Microsoft IME. @@ -441,9 +441,9 @@ This policy setting is applied to Japanese Microsoft IME. This policy setting allows you to turn off saving the auto-tuning result to file. -- If you enable this policy setting, the auto-tuning data is not saved to file. +- If you enable this policy setting, the auto-tuning data isn't saved to file. -- If you disable or do not configure this policy setting, auto-tuning data is saved to file by default. +- If you disable or don't configure this policy setting, auto-tuning data is saved to file by default. This policy setting applies to Japanese Microsoft IME only. @@ -748,7 +748,7 @@ This policy setting allows you to turn on logging of misconversion for the misco - If you enable this policy setting, misconversion logging is turned on. -- If you disable or do not configure this policy setting, misconversion logging is turned off. +- If you disable or don't configure this policy setting, misconversion logging is turned off. This policy setting applies to Japanese Microsoft IME and Traditional Chinese IME. diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 98d10dad33..92b42d9267 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. -- If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. +- If you enable this policy setting, File Explorer won't automatically encrypt files that are moved to an encrypted folder. -- If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. +- If you disable or don't configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically. diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 9f14232190..8d775dd553 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -43,7 +43,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b - If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer. -- If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer. +- If you disable or don't configure this policy setting, all Enhanced Storage devices are usable on your computer. @@ -102,7 +102,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi - If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer. -- If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer. +- If you disable or don't configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer. @@ -159,9 +159,9 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. -- If you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device. +- If you enable this policy setting, a password can't be used to unlock an Enhanced Storage device. -- If you disable or do not configure this policy setting, a password can be used to unlock an Enhanced Storage device. +- If you disable or don't configure this policy setting, a password can be used to unlock an Enhanced Storage device. @@ -218,9 +218,9 @@ This policy setting configures whether or not a password can be used to unlock a This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer. -- If you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer. +- If you enable this policy setting, non-Enhanced Storage removable devices aren't allowed on your computer. -- If you disable or do not configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer. +- If you disable or don't configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer. @@ -281,7 +281,7 @@ This policy setting is supported in Windows Server SKUs only. - If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked. -- If you disable or do not configure this policy setting, the Enhanced Storage device state is not changed when the computer is locked. +- If you disable or don't configure this policy setting, the Enhanced Storage device state isn't changed when the computer is locked. @@ -340,7 +340,7 @@ This policy setting configures whether or not only USB root hub connected Enhanc - If you enable this policy setting, only USB root hub connected Enhanced Storage devices are allowed. -- If you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed. +- If you disable or don't configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed. diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 1745ef8c82..8c8777e9ed 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -45,7 +45,7 @@ This policy setting controls whether errors in general applications are included If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The Windows applications category is a subset of Microsoft applications. -- If you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications. +- If you disable or don't configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications. This policy setting is ignored if the Configure Error Reporting policy setting is disabled or not configured. @@ -105,11 +105,11 @@ For related information, see the Configure Error Reporting and Report Operating This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on. -- If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. +- If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list aren't reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. - If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setting. -- If you disable or do not configure this policy setting, the Default application reporting settings policy setting takes precedence. +- If you disable or don't configure this policy setting, the Default application reporting settings policy setting takes precedence. @@ -165,13 +165,13 @@ This policy setting controls Windows Error Reporting behavior for errors in gene This policy setting specifies applications for which Windows Error Reporting should always report errors. -To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. +To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list aren't reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. - If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors. If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.) -- If you disable this policy setting or do not configure it, the Default application reporting settings policy setting takes precedence. +- If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence. Also see the "Default Application Reporting" and "Application Exclusion List" policies. @@ -231,28 +231,28 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled. -This policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. +This policy setting doesn't enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. > [!IMPORTANT] -> If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel settings for Windows Error Reporting override this policy setting. +> If the Turn off Windows Error Reporting policy setting isn't configured, then Control Panel settings for Windows Error Reporting override this policy setting. -- If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have changed settings by using Control Panel). +- If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that aren't configured (even if users have changed settings by using Control Panel). - If you enable this policy setting, you can configure the following settings in the policy setting: -- "Do not display links to any Microsoft 'More information' websites": Select this option if you do not want error dialog boxes to display links to Microsoft websites. +- "Do not display links to any Microsoft 'More information' websites": Select this option if you don't want error dialog boxes to display links to Microsoft websites. -- "Do not collect additional files": Select this option if you do not want additional files to be collected and included in error reports. +- "Do not collect additional files": Select this option if you don't want additional files to be collected and included in error reports. -- "Do not collect additional computer data": Select this if you do not want additional information about the computer to be collected and included in error reports. +- "Do not collect additional computer data": Select this if you don't want additional information about the computer to be collected and included in error reports. -- "Force queue mode for application errors": Select this option if you do not want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error reports to Microsoft. +- "Force queue mode for application errors": Select this option if you don't want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error reports to Microsoft. - "Corporate file path": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to log onto the computer can send the error reports to Microsoft. - "Replace instances of the word 'Microsoft' with": You can specify text with which to customize your error report dialog boxes. The word "Microsoft" is replaced with the specified text. -- If you do not configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003. +- If you don't configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003. - If you disable this policy setting, configuration settings in the policy setting are left blank. @@ -314,9 +314,9 @@ This policy setting controls whether errors in the operating system are included - If you enable this policy setting, Windows Error Reporting includes operating system errors. -- If you disable this policy setting, operating system errors are not included in error reports. +- If you disable this policy setting, operating system errors aren't included in error reports. -- If you do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors. +- If you don't configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors. See also the Configure Error Reporting policy setting. @@ -377,7 +377,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive - If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted. -- If you disable or do not configure this policy setting, no Windows Error Reporting information is stored. +- If you disable or don't configure this policy setting, no Windows Error Reporting information is stored. @@ -436,7 +436,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive - If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted. -- If you disable or do not configure this policy setting, no Windows Error Reporting information is stored. +- If you disable or don't configure this policy setting, no Windows Error Reporting information is stored. @@ -491,9 +491,9 @@ This policy setting controls the behavior of the Windows Error Reporting archive -This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps. +This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy doesn't apply to error reports generated by 3rd-party products, or additional data other than memory dumps. -- If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. +- If you enable or don't configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. - If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings. @@ -550,9 +550,9 @@ This policy setting controls whether memory dumps in support of OS-generated err -This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps. +This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy doesn't apply to error reports generated by 3rd-party products, or additional data other than memory dumps. -- If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. +- If you enable or don't configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. - If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings. @@ -611,9 +611,9 @@ This policy setting controls whether memory dumps in support of OS-generated err This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server. -- If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. +- If you enable this policy setting, WER doesn't throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. -- If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types. +- If you disable or don't configure this policy setting, WER throttles data by default; that is, WER doesn't upload more than one CAB file for a report that contains data about the same event types. @@ -670,9 +670,9 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server. -- If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. +- If you enable this policy setting, WER doesn't throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. -- If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types. +- If you disable or don't configure this policy setting, WER throttles data by default; that is, WER doesn't upload more than one CAB file for a report that contains data about the same event types. @@ -727,11 +727,11 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit -This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network. +This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that's sent over the network. -- If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted. +- If you enable this policy setting, WER doesn't check for network cost policy restrictions, and transmits data even if network cost is restricted. -- If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed. +- If you disable or don't configure this policy setting, WER doesn't send data, but will check the network cost policy again if the network profile is changed. @@ -786,11 +786,11 @@ This policy setting determines whether Windows Error Reporting (WER) checks for -This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network. +This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that's sent over the network. -- If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted. +- If you enable this policy setting, WER doesn't check for network cost policy restrictions, and transmits data even if network cost is restricted. -- If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed. +- If you disable or don't configure this policy setting, WER doesn't send data, but will check the network cost policy again if the network profile is changed. @@ -845,11 +845,11 @@ This policy setting determines whether Windows Error Reporting (WER) checks for -This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source. +This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but doesn't upload additional report data until the computer is connected to a more permanent power source. -- If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. +- If you enable this policy setting, WER doesn't determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. -- If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source. +- If you disable or don't configure this policy setting, WER checks for solutions while a computer is running on battery power, but doesn't upload report data until the computer is connected to a more permanent power source. @@ -904,11 +904,11 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t -This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source. +This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but doesn't upload additional report data until the computer is connected to a more permanent power source. -- If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. +- If you enable this policy setting, WER doesn't determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. -- If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source. +- If you disable or don't configure this policy setting, WER checks for solutions while a computer is running on battery power, but doesn't upload report data until the computer is connected to a more permanent power source. @@ -963,11 +963,11 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t -This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft). +This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you don't want to send error reports to Microsoft). - If you enable this policy setting, you can specify the name or IP address of an error report destination server on your organization's network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission. -- If you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft. +- If you disable or don't configure this policy setting, Windows Error Reporting sends error reports to Microsoft. @@ -1031,11 +1031,11 @@ This policy setting determines the consent behavior of Windows Error Reporting f - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. -- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft. +- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically. -- If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. +- If you disable or don't configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. @@ -1093,7 +1093,7 @@ This policy setting determines the behavior of the Configure Default Consent set - If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting. -- If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. +- If you disable or don't configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. @@ -1152,7 +1152,7 @@ This policy setting determines the behavior of the Configure Default Consent set - If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting. -- If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. +- If you disable or don't configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. @@ -1213,9 +1213,9 @@ This policy setting determines the default consent behavior of Windows Error Rep - Always ask before sending data: Windows prompts users for consent to send reports. -- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft. +- Send parameters: Only the minimum data that's required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that's requested by Microsoft. -- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. +- Send parameters and safe additional data: the minimum data that's required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that's requested by Microsoft. - Send all data: any error reporting data requested by Microsoft is sent automatically. @@ -1279,9 +1279,9 @@ This policy setting determines the default consent behavior of Windows Error Rep - Always ask before sending data: Windows prompts users for consent to send reports. -- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft. +- Send parameters: Only the minimum data that's required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that's requested by Microsoft. -- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. +- Send parameters and safe additional data: the minimum data that's required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that's requested by Microsoft. - Send all data: any error reporting data requested by Microsoft is sent automatically. @@ -1339,11 +1339,11 @@ This policy setting determines the default consent behavior of Windows Error Rep -This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. +This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. -- If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. +- If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel. -- If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. +- If you disable or don't configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. @@ -1404,7 +1404,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera - If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. -- If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default. +- If you disable or don't configure this policy setting, errors are reported on all Microsoft and Windows applications by default. @@ -1464,7 +1464,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera - If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. -- If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default. +- If you disable or don't configure this policy setting, errors are reported on all Microsoft and Windows applications by default. @@ -1520,9 +1520,9 @@ This policy setting limits Windows Error Reporting behavior for errors in genera This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log. -- If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log. +- If you enable this policy setting, Windows Error Reporting events aren't recorded in the system event log. -- If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. +- If you disable or don't configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. @@ -1579,9 +1579,9 @@ This policy setting controls whether Windows Error Reporting saves its own event This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log. -- If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log. +- If you enable this policy setting, Windows Error Reporting events aren't recorded in the system event log. -- If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. +- If you disable or don't configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. @@ -1640,7 +1640,7 @@ This policy setting controls whether additional data in support of error reports - If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. -- If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. +- If you disable or don't configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. @@ -1701,7 +1701,7 @@ This policy setting determines the behavior of the Windows Error Reporting repor The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. -- If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs. +- If you disable or don't configure this policy setting, Windows Error Reporting reports aren't queued, and users can only send reports at the time that a problem occurs. @@ -1762,7 +1762,7 @@ This policy setting determines the behavior of the Windows Error Reporting repor The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. -- If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs. +- If you disable or don't configure this policy setting, Windows Error Reporting reports aren't queued, and users can only send reports at the time that a problem occurs. diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 671ae2c735..3270f35b6e 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -43,7 +43,7 @@ This policy setting controls resource usage for the forwarder (source computer) - If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments. -- If you disable or do not configure this policy setting, forwarder resource usage is not specified. +- If you disable or don't configure this policy setting, forwarder resource usage isn't specified. This setting applies across all subscriptions for the forwarder (source computer). @@ -106,7 +106,7 @@ This policy setting allows you to configure the server address, refresh interval Use the following syntax when using the HTTPS protocol: Server=https://``:5986/wsman/SubscriptionManager/WEC,Refresh=``,IssuerCA=``. When using the HTTP protocol, use port 5985. -- If you disable or do not configure this policy setting, the Event Collector computer will not be specified. +- If you disable or don't configure this policy setting, the Event Collector computer won't be specified. diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 7367be19af..95133de171 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. -- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. +- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started. - If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. -- If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. +- If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. @@ -102,11 +102,11 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. -- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. +- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started. - If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. -- If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. +- If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. @@ -163,11 +163,11 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. -- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. +- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started. - If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. -- If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. +- If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. @@ -224,11 +224,11 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. -- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. +- If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started. - If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. -- If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. +- If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. @@ -287,7 +287,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you enable this policy setting, only those users matching the security descriptor can access the log. -- If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log. +- If you disable or don't configure this policy setting, all authenticated users and system services can write, read, or clear this log. > [!NOTE] > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. @@ -344,11 +344,11 @@ This policy setting specifies the security descriptor to use for the log using t -This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. +This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You can't configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. - If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. -- If you disable or do not configure this policy setting, only system software and administrators can read or clear this log. +- If you disable or don't configure this policy setting, only system software and administrators can read or clear this log. > [!NOTE] > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. @@ -409,7 +409,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you enable this policy setting, only those users matching the security descriptor can access the log. -- If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log. +- If you disable or don't configure this policy setting, all authenticated users and system services can write, read, or clear this log. > [!NOTE] > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. @@ -470,7 +470,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you enable this policy setting, only users whose security descriptor matches the configured value can access the log. -- If you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. +- If you disable or don't configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. > [!NOTE] > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. @@ -533,7 +533,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you disable this policy setting, all authenticated users and system services can write, read, or clear this log. -- If you do not configure this policy setting, the previous policy setting configuration remains in effect. +- If you don't configure this policy setting, the previous policy setting configuration remains in effect. @@ -587,13 +587,13 @@ This policy setting specifies the security descriptor to use for the log using t -This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. +This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You can't configure write permissions for this log. - If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. - If you disable this policy setting, only system software and administrators can read or clear this log. -- If you do not configure this policy setting, the previous policy setting configuration remains in effect. +- If you don't configure this policy setting, the previous policy setting configuration remains in effect. @@ -653,7 +653,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you disable this policy setting, all authenticated users and system services can write, read, or clear this log. -- If you do not configure this policy setting, the previous policy setting configuration remains in effect. +- If you don't configure this policy setting, the previous policy setting configuration remains in effect. @@ -713,7 +713,7 @@ This policy setting specifies the security descriptor to use for the log using t - If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. -- If you do not configure this policy setting, the previous policy setting configuration remains in effect. +- If you don't configure this policy setting, the previous policy setting configuration remains in effect. @@ -769,9 +769,9 @@ This policy setting specifies the security descriptor to use for the log using t This policy setting controls Event Log behavior when the log file reaches its maximum size. -- If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. +- If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost. -- If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. +- If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. > [!NOTE] > Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -831,9 +831,9 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting controls Event Log behavior when the log file reaches its maximum size. -- If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. +- If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost. -- If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. +- If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. > [!NOTE] > Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -893,9 +893,9 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting controls Event Log behavior when the log file reaches its maximum size. -- If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. +- If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost. -- If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. +- If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. > [!NOTE] > Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -955,7 +955,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma This policy setting turns on logging. -If you enable or do not configure this policy setting, then events can be written to this log. +If you enable or don't configure this policy setting, then events can be written to this log. If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting. @@ -1016,7 +1016,7 @@ This policy setting controls the location of the log file. The location of the f - If you enable this policy setting, the Event Log uses the path specified in this policy setting. -- If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. +- If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. @@ -1074,7 +1074,7 @@ This policy setting controls the location of the log file. The location of the f - If you enable this policy setting, the Event Log uses the path specified in this policy setting. -- If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. +- If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. @@ -1132,7 +1132,7 @@ This policy setting controls the location of the log file. The location of the f - If you enable this policy setting, the Event Log uses the path specified in this policy setting. -- If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. +- If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. @@ -1190,7 +1190,7 @@ This policy setting controls the location of the log file. The location of the f - If you enable this policy setting, the Event Log uses the path specified in this policy setting. -- If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. +- If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. @@ -1248,7 +1248,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. - If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments. -- If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. +- If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index 3f32e259bc..5e2a32c92c 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -43,7 +43,7 @@ This policy setting lets you configure Protected Event Logging. - If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with. -- If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log. +- If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log. diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index f7a98013c4..6596872ac7 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -39,7 +39,7 @@ ms.topic: reference -Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. +Sets the target of the More Information link that will be displayed when the user attempts to run a program that's blocked by policy. @@ -96,14 +96,14 @@ Sets the target of the More Information link that will be displayed when the use This policy setting configures File Explorer to always display the menu bar. > [!NOTE] -> By default, the menu bar is not displayed in File Explorer. +> By default, the menu bar isn't displayed in File Explorer. - If you enable this policy setting, the menu bar will be displayed in File Explorer. -- If you disable or do not configure this policy setting, the menu bar will not be displayed in File Explorer. +- If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer. > [!NOTE] -> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key. +> When the menu bar isn't displayed, users can access the menu bar by pressing the 'ALT' key. @@ -158,9 +158,9 @@ This policy setting configures File Explorer to always display the menu bar. -This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values. +This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values. -If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur. +If you enable this policy setting on a machine that doesn't contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur. @@ -219,10 +219,10 @@ This policy setting allows administrators to prevent users from adding new items - If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. -- If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. +- If you disable or don't configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. > [!NOTE] -> Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%. +> Enabling this policy setting doesn't prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%. diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index b92d628508..11eda286b9 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -100,11 +100,11 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item. -- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Control Panel item. +- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item. -- If you disable this setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration. +- If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration. -- If you do not configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item. +- If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item. diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index 6282a944ba..97a587ead0 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -45,18 +45,18 @@ Regular: Detection, troubleshooting, and recovery of corrupted files will automa Silent: Detection, troubleshooting, and recovery of corrupted files will automatically start with no UI. Windows will log an administrator event when a system restart is required. This behavior is recommended for headless operation. -Troubleshooting Only: Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery is not attempted automatically. Windows will log an administrator event with instructions if manual recovery is possible. +Troubleshooting Only: Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery isn't attempted automatically. Windows will log an administrator event with instructions if manual recovery is possible. - If you enable this setting, the recovery behavior for corrupted files will be set to either the regular (default), silent, or troubleshooting only state. - If you disable this setting, the recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. -- If you do not configure this setting, the recovery behavior for corrupted files will be set to the regular recovery behavior. +- If you don't configure this setting, the recovery behavior for corrupted files will be set to the regular recovery behavior. No system or service restarts are required for changes to this policy to take immediate effect after a Group Policy refresh. > [!NOTE] -> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery won't be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 173917b501..bd89712c67 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -39,14 +39,14 @@ ms.topic: reference -Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. +Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that's protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example value: Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy - If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. -- If you disable or do not configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application will only be able to revoke access to content it protected. +- If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application will only be able to revoke access to content it protected. > [!NOTE] > File revocation applies to all content protected under the same second level domain as the provided enterprise identifier. So, revoking an enterprise ID of mail.contoso.com will revoke the user's access to all content protected under the contoso.com hierarchy. diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 85dfacc588..5bcd0b1a15 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -43,13 +43,13 @@ This policy setting allows you to control whether all redirected shell folders, - If you enable this policy setting, users must manually select the files they wish to make available offline. -- If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. +- If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. > [!NOTE] -> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. +> This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. > [!NOTE] -> Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. +> Don't enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. > [!NOTE] > If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". @@ -111,10 +111,10 @@ This policy setting allows you to control whether individual redirected shell fo For the folders affected by this setting, users must manually select the files they wish to make available offline. -If you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. +If you disable or don't configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. > [!NOTE] -> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. +> This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. > [!NOTE] > The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". @@ -175,7 +175,7 @@ This policy setting controls whether the contents of redirected folders is copie - If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location. -- If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location. +- If you disable or don't configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location. @@ -360,7 +360,7 @@ To designate a user's primary computers, an administrator must use management so - If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. -- If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. +- If you disable or don't configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. > [!NOTE] > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. @@ -424,7 +424,7 @@ To designate a user's primary computers, an administrator must use management so - If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. -- If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. +- If you disable or don't configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. > [!NOTE] > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 82c7531c07..c4904acf06 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -41,14 +41,14 @@ ms.topic: reference This policy setting shows or hides the Details Pane in File Explorer. -If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user. +If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user. -If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. +If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. > [!NOTE] -> This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time. +> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time. -If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting. +If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting. @@ -104,9 +104,9 @@ If you disable, or do not configure this policy setting, the Details Pane is hid Hides the Preview Pane in File Explorer. -If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user. +If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user. -If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user. +If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user. diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 55105cb653..986c171695 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -43,13 +43,13 @@ This policy setting permits or prohibits the Diagnostic Policy Service (DPS) fro - If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. -- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. +- If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. +- If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. -This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index d81c3def66..70fc0069ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -41,7 +41,7 @@ ms.topic: reference This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. -Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt. +Note this doesn't affect the availability of user input methods on the lock screen or with the UAC prompt. - If the policy is enabled, then the user will get input methods enabled for the system account on the sign-in page. @@ -102,19 +102,19 @@ Note this does not affect the availability of user input methods on the lock scr This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system. -This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. +This doesn't affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. -The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured. +The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting isn't configured. -- If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed. +- If you enable this policy setting, the user can't select a custom locale as their user locale, but they can still select a replacement locale if one is installed. -- If you disable or do not configure this policy setting, the user can select a custom locale as their user locale. +- If you disable or don't configure this policy setting, the user can select a custom locale as their user locale. -- If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. +- If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. - If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. -- If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings. +- If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings. -To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting. +To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting. @@ -171,19 +171,19 @@ To set this policy setting on a per-user basis, make sure that you do not config This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system. -This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. +This doesn't affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. -The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured. +The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting isn't configured. -- If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed. +- If you enable this policy setting, the user can't select a custom locale as their user locale, but they can still select a replacement locale if one is installed. -- If you disable or do not configure this policy setting, the user can select a custom locale as their user locale. +- If you disable or don't configure this policy setting, the user can select a custom locale as their user locale. -- If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. +- If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. - If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. -- If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings. +- If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings. -To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting. +To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting. @@ -242,9 +242,9 @@ This policy setting removes the Administrative options from the Region settings This policy setting is used only to simplify the Regional Options control panel. -- If you enable this policy setting, the user cannot see the Administrative options. +- If you enable this policy setting, the user can't see the Administrative options. -- If you disable or do not configure this policy setting, the user can see the Administrative options. +- If you disable or don't configure this policy setting, the user can see the Administrative options. > [!NOTE] > Even if a user can see the Administrative options, other policies may prevent them from modifying the values. @@ -306,9 +306,9 @@ This policy setting removes the option to change the user's geographical locatio This policy setting is used only to simplify the Regional Options control panel. -- If you enable this policy setting, the user does not see the option to change the GeoID. This does not prevent the user or an application from changing the GeoID programmatically. +- If you enable this policy setting, the user doesn't see the option to change the GeoID. This doesn't prevent the user or an application from changing the GeoID programmatically. -- If you disable or do not configure this policy setting, the user sees the option for changing the user location (GeoID). +- If you disable or don't configure this policy setting, the user sees the option for changing the user location (GeoID). > [!NOTE] > Even if a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their current geographical location. @@ -370,9 +370,9 @@ This policy setting removes the option to change the user's menus and dialogs (U This policy setting is used only to simplify the Regional Options control panel. -- If you enable this policy setting, the user does not see the option for changing the UI language. This does not prevent the user or an application from changing the UI language programmatically. +- If you enable this policy setting, the user doesn't see the option for changing the UI language. This doesn't prevent the user or an application from changing the UI language programmatically. -- If you disable or do not configure this policy setting, the user sees the option for changing the UI language. +- If you disable or don't configure this policy setting, the user sees the option for changing the UI language. > [!NOTE] > Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their UI language. @@ -434,9 +434,9 @@ This policy setting removes the regional formats interface from the Region setti This policy setting is used only to simplify the Regional and Language Options control panel. -- If you enable this policy setting, the user does not see the regional formats options. This does not prevent the user or an application from changing their user locale or user overrides programmatically. +- If you enable this policy setting, the user doesn't see the regional formats options. This doesn't prevent the user or an application from changing their user locale or user overrides programmatically. -- If you disable or do not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale. +- If you disable or don't configure this policy setting, the user sees the regional formats options for changing and customizing the user locale. @@ -495,16 +495,16 @@ This policy setting turns off the automatic learning component of handwriting re Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. -Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored. +Text that's collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that's stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history doesn't delete the stored personalization data. Ink entered through Input Panel is collected and stored. > [!NOTE] > Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. -- If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel. +- If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel. -- If you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. +- If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. -- If you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog. +- If you don't configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. @@ -570,16 +570,16 @@ This policy setting turns off the automatic learning component of handwriting re Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. -Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored. +Text that's collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that's stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history doesn't delete the stored personalization data. Ink entered through Input Panel is collected and stored. > [!NOTE] > Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. -- If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel. +- If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel. -- If you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. +- If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. -- If you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog. +- If you don't configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. @@ -641,13 +641,13 @@ This policy setting is related to the "Turn off handwriting personalization" pol -This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list. +This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting doesn't change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list. The locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) and English (Canada). - If you enable this policy setting, administrators can select a system locale only from the specified system locale list. -- If you disable or do not configure this policy setting, administrators can select any system locale shipped with the operating system. +- If you disable or don't configure this policy setting, administrators can select any system locale shipped with the operating system. @@ -702,19 +702,19 @@ The locale list is specified using language names, separated by a semicolon (;). -This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list. +This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting doesn't change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list. -To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting. +To set this policy setting on a per-user basis, make sure that you don't configure the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada). - If you enable this policy setting, only locales in the specified locale list can be selected by users. -- If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. +- If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. -- If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. +- If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. - If this policy setting is disabled at the computer level, the per-user policy is ignored. -- If this policy setting is not configured at the computer level, restrictions are based on per-user policies. +- If this policy setting isn't configured at the computer level, restrictions are based on per-user policies. @@ -769,19 +769,19 @@ The locale list is specified using language tags, separated by a semicolon (;). -This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list. +This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting doesn't change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list. -To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting. +To set this policy setting on a per-user basis, make sure that you don't configure the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada). - If you enable this policy setting, only locales in the specified locale list can be selected by users. -- If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. +- If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. -- If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. +- If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. - If this policy setting is disabled at the computer level, the per-user policy is ignored. -- If this policy setting is not configured at the computer level, restrictions are based on per-user policies. +- If this policy setting isn't configured at the computer level, restrictions are based on per-user policies. @@ -840,9 +840,9 @@ This policy setting restricts the Windows UI language for all users. This is a policy setting for computers with more than one UI language installed. -- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system UI languages. +- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it's different than any of the system UI languages. -- If you disable or do not configure this policy setting, the user can specify which UI language is used. +- If you disable or don't configure this policy setting, the user can specify which UI language is used. @@ -900,9 +900,9 @@ This policy setting restricts the Windows UI language for specific users. This policy setting applies to computers with more than one UI language installed. -- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user. +- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language isn't installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user. -- If you disable or do not configure this policy setting, there is no restriction on which language users should use. +- If you disable or don't configure this policy setting, there is no restriction on which language users should use. To enable this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs language" policy setting. @@ -960,15 +960,15 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 This policy setting prevents users from changing their user geographical location (GeoID). -- If you enable this policy setting, users cannot change their GeoID. +- If you enable this policy setting, users can't change their GeoID. -- If you disable or do not configure this policy setting, users may select any GeoID. +- If you disable or don't configure this policy setting, users may select any GeoID. -- If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. +- If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. - If you disable this policy setting at the computer level, the per-user policy is ignored. -- If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. +- If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings. -To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured. +To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured. @@ -1025,15 +1025,15 @@ To set this policy setting on a per-user basis, make sure that the per-computer This policy setting prevents users from changing their user geographical location (GeoID). -- If you enable this policy setting, users cannot change their GeoID. +- If you enable this policy setting, users can't change their GeoID. -- If you disable or do not configure this policy setting, users may select any GeoID. +- If you disable or don't configure this policy setting, users may select any GeoID. -- If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. +- If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. - If you disable this policy setting at the computer level, the per-user policy is ignored. -- If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. +- If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings. -To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured. +To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured. @@ -1092,11 +1092,11 @@ This policy setting prevents the user from customizing their locale by changing Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy. -When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. +When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user can't customize their user locale with user overrides. - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. -- If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. +- If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. - If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. - If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. @@ -1159,11 +1159,11 @@ This policy setting prevents the user from customizing their locale by changing Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy. -When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. +When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user can't customize their user locale with user overrides. - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. -- If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. +- If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. - If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. - If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. @@ -1222,13 +1222,13 @@ To set this policy on a per-user basis, make sure that the per-computer policy i -This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English. +This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language isn't installed on the target computer, the language selection defaults to English. -- If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a language different than the one used. +- If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel aren't accessible to the logged-on user. This prevents users from specifying a language different than the one used. To enable this policy setting in Windows Vista, use the "Restricts the UI languages Windows should use for the selected user" policy setting. -- If you disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language. +- If you disable or don't configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language. @@ -1536,13 +1536,13 @@ Note that the availability and function of this setting is dependent on supporte This policy setting determines how programs interpret two-digit years. -This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program. +This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program doesn't interpret two-digit years correctly, consult the documentation or manufacturer of the program. - If you enable this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are interpreted as being preceded by 19. -For example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999. +For example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that's 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999. -- If you disable or do not configure this policy setting, Windows does not interpret two-digit year formats using this scheme for the program. +- If you disable or don't configure this policy setting, Windows doesn't interpret two-digit year formats using this scheme for the program. diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index d6bf0cde71..58f02f82ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -43,16 +43,16 @@ This policy setting allows user-based policy processing, roaming user profiles, This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists. -- If you do not configure this policy setting: +- If you don't configure this policy setting: - No user-based policy settings are applied from the user's forest. - - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. + - Users don't receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. - An event log message (1109) is posted, stating that loopback was invoked in Replace mode. - If you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest. -- If you disable this policy setting, the behavior is the same as if it is not configured. +- If you disable this policy setting, the behavior is the same as if it isn't configured. @@ -107,11 +107,11 @@ This policy setting affects all user accounts that interactively log on to a com -This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times. +This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer isn't blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times. - If you enable this policy setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or system-computed wait time. -- If you disable or do not configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity. +- If you disable or don't configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity. @@ -172,11 +172,11 @@ This policy setting affects all policy settings that use the software installati This policy setting overrides customized settings that the program implementing the software installation policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policies in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy setting implementations specify that they're updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policies in case a user has changed it. @@ -237,13 +237,13 @@ This policy setting affects all policies that use the disk quota component of Gr This policy setting overrides customized settings that the program implementing the disk quota policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. @@ -304,13 +304,13 @@ This policy setting affects all policies that use the encryption component of Gr It overrides customized settings that the program implementing the encryption policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. @@ -371,11 +371,11 @@ This policy setting affects all policies that use the folder redirection compone This policy setting overrides customized settings that the program implementing the folder redirection policy setting set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. @@ -436,13 +436,13 @@ This policy setting affects all policies that use the Internet Explorer Maintena This policy setting overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. @@ -503,13 +503,13 @@ This policy setting affects all policies that use the IP security component of G This policy setting overrides customized settings that the program implementing the IP security policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. @@ -568,11 +568,11 @@ This policy setting determines when registry policies are updated. This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. @@ -631,13 +631,13 @@ This policy setting determines when policies that assign shared scripts are upda This policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this setting, it has no effect on the system. +- If you disable or don't configure this setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. @@ -698,11 +698,11 @@ This policy setting affects all policies that use the security component of Grou This policy setting overrides customized settings that the program implementing the security policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. -- If you disable or do not configure this policy setting, it has no effect on the system. +- If you disable or don't configure this policy setting, it has no effect on the system. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. @@ -764,13 +764,13 @@ It overrides customized settings that the program implementing the wired network - If you enable this policy, you can use the check boxes provided to change the options. -- If you disable this setting or do not configure it, it has no effect on the system. +- If you disable this setting or don't configure it, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. @@ -832,13 +832,13 @@ It overrides customized settings that the program implementing the wireless netw - If you enable this policy, you can use the check boxes provided to change the options. -- If you disable this setting or do not configure it, it has no effect on the system. +- If you disable this setting or don't configure it, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. -The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. +The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. -The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. +The "Process even if the Group Policy objects haven't changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it. @@ -894,14 +894,14 @@ The "Process even if the Group Policy objects have not changed" option updates a This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. -By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data. +By default, interactively logged-on users can view their own Resultant Set of Policy (RSoP) data. -- If you enable this policy setting, interactive users cannot generate RSoP data. +- If you enable this policy setting, interactive users can't generate RSoP data. -- If you disable or do not configure this policy setting, interactive users can generate RSoP. +- If you disable or don't configure this policy setting, interactive users can generate RSoP. > [!NOTE] -> This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. +> This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. > [!NOTE] > To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc @@ -966,14 +966,14 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. -By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data. +By default, interactively logged-on users can view their own Resultant Set of Policy (RSoP) data. -- If you enable this policy setting, interactive users cannot generate RSoP data. +- If you enable this policy setting, interactive users can't generate RSoP data. -- If you disable or do not configure this policy setting, interactive users can generate RSoP. +- If you disable or don't configure this policy setting, interactive users can generate RSoP. > [!NOTE] -> This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. +> This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. > [!NOTE] > To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc @@ -1091,13 +1091,13 @@ This policy setting prevents the Group Policy Client Service from stopping when -Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC. +Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they're concerned about the amount of space used on the system volume of a DC. -By default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO. +By default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files stored in the GPO. If the local files are newer, they're copied into the GPO. Changing the status of this setting to Enabled will keep any source files from copying to the GPO. -Changing the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestamp. +Changing the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they've a later timestamp. > [!NOTE] > If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled. @@ -1159,7 +1159,7 @@ This policy setting prevents Group Policy from being updated while the computer - If you enable this policy setting, the system waits until the current user logs off the system before updating the computer and user settings. -- If you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh interval for users" policy settings. +- If you disable or don't configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh interval for users" policy settings. > [!NOTE] > If you make changes to this policy setting, you must restart your computer for it to take effect. @@ -1221,12 +1221,12 @@ This policy setting prevents Local Group Policy Objects (Local GPOs) from being By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied. -- If you enable this policy setting, the system does not process and apply any Local GPOs. +- If you enable this policy setting, the system doesn't process and apply any Local GPOs. -- If you disable or do not configure this policy setting, Local GPOs continue to be applied. +- If you disable or don't configure this policy setting, Local GPOs continue to be applied. > [!NOTE] -> For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup. +> For computers joined to a domain, it's strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup. @@ -1283,9 +1283,9 @@ By default, the policy settings in Local GPOs are applied before any domain-base This policy setting allows you to control a user's ability to invoke a computer policy refresh. -- If you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs. +- If you enable this policy setting, users aren't able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs. -- If you disable or do not configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user. +- If you disable or don't configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user. > [!NOTE] > This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured. @@ -1352,9 +1352,9 @@ This policy setting determines whether the Windows device is allowed to particip - If you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device experiences. -- If you disable this policy setting, the Windows device is not discoverable by other devices, and cannot participate in cross-device experiences. +- If you disable this policy setting, the Windows device isn't discoverable by other devices, and can't participate in cross-device experiences. -- If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +- If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -1411,13 +1411,13 @@ This policy setting determines whether the Windows device is allowed to particip This policy setting allows you to configure Group Policy caching behavior. -- If you enable or do not configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +- If you enable or don't configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) -The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. +The slow link value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. -The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. +The timeout value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. -- If you disable this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +- If you disable this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) @@ -1475,9 +1475,9 @@ The timeout value that is defined in this policy setting determines how long Gro This policy setting allows you to configure Group Policy caching behavior on Windows Server machines. - If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) -The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. -The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. -- If you disable or do not configure this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +The slow link value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. +The timeout value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. +- If you disable or don't configure this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) @@ -1536,9 +1536,9 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t - If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences. -- If you disable this policy setting, the Windows device is not allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and cannot participate in Continue on PC experiences. +- If you disable this policy setting, the Windows device isn't allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and can't participate in Continue on PC experiences. -- If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +- If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -1595,11 +1595,11 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t This policy setting prevents administrators from viewing or using Group Policy preferences. -A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys. +A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which aren't fully supported, use registry entries in other subkeys. -- If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear. +- If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators can't turn it off. As a result, Group Policy Object Editor displays only true settings; preferences don't appear. -- If you disable or do not configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command. +- If you disable or don't configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command. > [!NOTE] > To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to "View." @@ -1659,7 +1659,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f -This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues. +This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it's Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues. @@ -1723,7 +1723,7 @@ This policy setting determines which domain controller the Group Policy Object E "Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller. -- If you disable this setting or do not configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. +- If you disable this setting or don't configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. > [!NOTE] > To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters." @@ -1788,14 +1788,14 @@ The system's response to a slow policy connection varies among policies. The pro - If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast. -- If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second. +- If you disable this setting or don't configure it, the system uses the default value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. > [!NOTE] -> If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used. +> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used. @@ -1857,14 +1857,14 @@ The system's response to a slow policy connection varies among policies. The pro - If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast. -- If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second. +- If you disable this setting or don't configure it, the system uses the default value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. > [!NOTE] -> If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used. +> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used. @@ -1924,7 +1924,7 @@ In addition to background updates, Group Policy for the computer is always updat By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. -- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations. +- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. - If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy. @@ -1932,7 +1932,7 @@ The Set Group Policy refresh interval for computers policy also lets you specify This setting establishes the update rate for computer Group Policy. To set an update rate for user policies, use the "Set Group Policy refresh interval for users" setting (located in User Configuration\Administrative Templates\System\Group Policy). -This setting is only used when the "Turn off background refresh of Group Policy" setting is not enabled. +This setting is only used when the "Turn off background refresh of Group Policy" setting isn't enabled. > [!NOTE] > Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress. @@ -1989,13 +1989,13 @@ This setting is only used when the "Turn off background refresh of Group Policy" -This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts. +This policy setting specifies how often Group Policy is updated on domain controllers while they're running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts. By default, Group Policy on the domain controllers is updated every five minutes. -- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations. +- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. -- If you disable or do not configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. +- If you disable or don't configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. This setting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates might be delayed significantly. @@ -2060,7 +2060,7 @@ In addition to background updates, Group Policy for users is always updated when By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. -- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations. +- If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. - If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. @@ -2137,7 +2137,7 @@ By default, the Group Policy client waits five minutes before running logon scri - If you disable this policy setting, Group Policy will run scripts immediately after logon. -- If you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts. +- If you don't configure this policy setting, Group Policy will wait five minutes before running logon scripts. @@ -2256,7 +2256,7 @@ This policy setting allows you to create new Group Policy object links in the di - If you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system. -- If you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link. +- If you disable this setting or don't configure it, new Group Policy object links are created in the enabled state. If you don't want them to be effective until they're configured and tested, you must disable the object link. @@ -2329,10 +2329,10 @@ This leads to the following behavior: - If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates. -- If you disable or do not configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO. +- If you disable or don't configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO. > [!NOTE] -> If the ADMs that you require are not all available locally in your %windir%\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing. +> If the ADMs that you require aren't all available locally in your %windir%\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing. @@ -2403,7 +2403,7 @@ PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004) Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique. PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100) -The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that are not dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not have a base relocation section will not be loaded. +The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded. PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000) PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) @@ -2527,10 +2527,10 @@ RSoP logs information on Group Policy settings that have been applied to the cli - If you enable this setting, RSoP logging is turned off. -- If you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on. +- If you disable or don't configure this setting, RSoP logging is turned on. By default, RSoP logging is always on. > [!NOTE] -> To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC). +> To view the RSoP information logged-on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC). @@ -2592,9 +2592,9 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the > [!NOTE] > When Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing across a slow link (slow network connection). -- If you enable this policy, when Group Policy cannot determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link and process all client side extensions. +- If you enable this policy, when Group Policy can't determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link and process all client side extensions. -- If you disable this setting or do not configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link. +- If you disable this setting or don't configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link. @@ -2652,16 +2652,16 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected. - If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner. -Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials, +Client computers won't wait for the network to be fully initialized at startup and logon. Existing users will be logged-on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available. Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection -and Drive Maps preference extension will not be applied. +and Drive Maps preference extension won't be applied. Note There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled: 1 - At the first computer startup after the client computer has joined the domain. 2 - If the policy setting "Always wait for the network at computer startup and logon" is enabled. -- If you disable or do not configure this policy setting, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous. +- If you disable or don't configure this policy setting, detecting a slow network connection won't affect whether Group Policy processing will be synchronous or asynchronous. @@ -2716,11 +2716,11 @@ Note There are two conditions that will cause Group Policy to be processed synch -This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times. +This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer isn't blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times. - If you enable this policy setting, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time. -- If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system. +- If you disable or don't configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system. @@ -2774,7 +2774,7 @@ This policy setting specifies how long Group Policy should wait for network avai -This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used. +This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It's intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that's being used. By default, the user's Group Policy Objects determine which user settings apply. @@ -2786,7 +2786,7 @@ By default, the user's Group Policy Objects determine which user settings apply. "Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings. -- If you disable this setting or do not configure it, the user's Group Policy Objects determines which user settings apply. +- If you disable this setting or don't configure it, the user's Group Policy Objects determines which user settings apply. > [!NOTE] > This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains. diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 37b6bab922..dabc23d834 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -45,7 +45,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a - If you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. -- If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities. +- If you disable or don't configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities. @@ -100,23 +100,23 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a -This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. +This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It's strongly recommended that only folders requiring administrative privileges be added to this policy setting. - If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders. To restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". > [!NOTE] -> An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows. +> An environment variable may be used, (for example, %windir%), as long as it's defined on the system. For example, %programfiles% isn't defined on some early versions of Windows. The "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file. To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Settings tab of the Policy Properties dialog box blank. -- If you disable or do not configure this policy setting, these commands are fully functional for all Help files. +- If you disable or don't configure this policy setting, these commands are fully functional for all Help files. > [!NOTE] -> Only folders on the local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. +> Only folders on the local computer can be specified in this policy setting. You can't use this policy setting to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. For additional options, see the "Restrict these programs from being launched from Help" policy. @@ -176,13 +176,13 @@ This policy setting allows you to restrict programs from being run from online H - If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. -- If you disable or do not configure this policy setting, users can run all applications from online Help. +- If you disable or don't configure this policy setting, users can run all applications from online Help. > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. > [!NOTE] -> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations can't launched from Help. @@ -240,13 +240,13 @@ This policy setting allows you to restrict programs from being run from online H - If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. -- If you disable or do not configure this policy setting, users can run all applications from online Help. +- If you disable or don't configure this policy setting, users can run all applications from online Help. > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. > [!NOTE] -> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations can't launched from Help. diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 6a5196435b..a0c5be299f 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. -- If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements. +- If you enable this policy setting, active content links aren't rendered. The text is displayed, but there are no clickable links for these elements. -- If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). +- If you disable or don't configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). @@ -100,9 +100,9 @@ This policy setting specifies whether active content links in trusted assistance This policy setting specifies whether users can provide ratings for Help content. -- If you enable this policy setting, ratings controls are not added to Help content. +- If you enable this policy setting, ratings controls aren't added to Help content. -- If you disable or do not configure this policy setting, ratings controls are added to Help topics. +- If you disable or don't configure this policy setting, ratings controls are added to Help topics. Users can use the control to provide feedback on the quality and usefulness of the Help and Support content. @@ -161,9 +161,9 @@ Users can use the control to provide feedback on the quality and usefulness of t This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. -- If you enable this policy setting, users cannot participate in the Help Experience Improvement program. +- If you enable this policy setting, users can't participate in the Help Experience Improvement program. -- If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. +- If you disable or don't configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. @@ -222,7 +222,7 @@ This policy setting specifies whether users can search and view content from Win - If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online. -- If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page. +- If you disable or don't configure this policy setting, users can access online assistance if they've a connection to the Internet and haven't disabled Windows Online from the Help and Support Options page. diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index 65215b4418..639fa6323a 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -43,9 +43,9 @@ This policy setting defines whether WLAN hotspots are probed for Wireless Intern If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. -- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. +- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. -- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. +- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 87ad65829d..8b83fbf9b0 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -39,13 +39,13 @@ ms.topic: reference -This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly. +This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft won't collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It's simple and user-friendly. - If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program. - If you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program. -- If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users. +- If you don't configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users. @@ -104,9 +104,9 @@ This policy setting specifies whether to automatically update root certificates Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities. -- If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. +- If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer won't contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. -- If you disable or do not configure this policy setting, your computer will contact the Windows Update website. +- If you disable or don't configure this policy setting, your computer will contact the Windows Update website. @@ -166,11 +166,11 @@ This policy setting specifies whether to allow printing over HTTP from this clie Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. > [!NOTE] -> This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP. +> This policy setting affects the client side of Internet printing only. It doesn't prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP. - If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP. -- If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP. +- If you disable or don't configure this policy setting, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers. @@ -232,11 +232,11 @@ This policy setting specifies whether to allow this client to download print dri To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. > [!NOTE] -> This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally. +> This policy setting doesn't prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that aren't already installed locally. -- If you enable this policy setting, print drivers cannot be downloaded over HTTP. +- If you enable this policy setting, print drivers can't be downloaded over HTTP. -- If you disable or do not configure this policy setting, users can download print drivers over HTTP. +- If you disable or don't configure this policy setting, users can download print drivers over HTTP. @@ -293,13 +293,13 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. -- If you enable this policy setting, Windows Update is not searched when a new device is installed. +- If you enable this policy setting, Windows Update isn't searched when a new device is installed. - If you disable this policy setting, Windows Update is always searched for drivers when no local drivers are present. -- If you do not configure this policy setting, searching Windows Update is optional when installing a device. +- If you don't configure this policy setting, searching Windows Update is optional when installing a device. -Also see "Turn off Windows Update device driver search prompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver is not found locally. +Also see "Turn off Windows Update device driver search prompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver isn't found locally. > [!NOTE] > This policy setting is replaced by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows. @@ -361,9 +361,9 @@ This policy setting specifies whether "Events.asp" hyperlinks are available for The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred. -- If you enable this policy setting, event description hyperlinks are not activated and the text "More Information" is not displayed at the end of the description. +- If you enable this policy setting, event description hyperlinks aren't activated and the text "More Information" isn't displayed at the end of the description. -- If you disable or do not configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer". +- If you disable or don't configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer". @@ -424,9 +424,9 @@ This content is dynamically updated when users who are connected to the Internet - If you enable this policy setting, the Help and Support Center no longer retrieves nor displays "Did you know?" content. -- If you disable or do not configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content. +- If you disable or don't configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content. -You might want to enable this policy setting for users who do not have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection. +You might want to enable this policy setting for users who don't have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection. @@ -487,7 +487,7 @@ The Knowledge Base is an online source of technical support information and self - If you enable this policy setting, it removes the Knowledge Base section from the Help and Support Center "Set search options" page, and only Help content on the local computer is searched. -- If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page. +- If you disable or don't configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and hasn't disabled the Knowledge Base search from the Search Options page. @@ -544,11 +544,11 @@ The Knowledge Base is an online source of technical support information and self This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. -- If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet. +- If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can't access the Internet. - If you disable this policy setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet. -- If you do not configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured. +- If you don't configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured. @@ -605,11 +605,11 @@ This policy setting specifies whether Windows can access the Internet to accompl This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. -- If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet. +- If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can't access the Internet. - If you disable this policy setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet. -- If you do not configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured. +- If you don't configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured. @@ -668,7 +668,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect - If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers. -- If you disable or do not configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area. +- If you disable or don't configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area. @@ -725,11 +725,11 @@ This policy setting specifies whether the Internet Connection Wizard can connect This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. -- If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. +- If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users can't register their copy of Windows online. -- If you disable or do not configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration. +- If you disable or don't configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration. -Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in). +Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but doesn't involve submitting any personal information (except the country/region you live in). @@ -788,9 +788,9 @@ This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. -- If you enable this policy setting, users are not given the option to report errors. +- If you enable this policy setting, users aren't given the option to report errors. -- If you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share. +- If you disable or don't configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share. This policy setting overrides any user setting made from the Control Panel for error reporting. @@ -852,7 +852,7 @@ This policy setting allows you to remove access to Windows Update. - If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at , from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. -- If you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update. +- If you disable or don't configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update. > [!NOTE] > This policy applies only when this PC is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. @@ -914,9 +914,9 @@ This policy setting specifies whether Search Companion should automatically down When users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results. -- If you enable this policy setting, Search Companion does not download content updates during searches. +- If you enable this policy setting, Search Companion doesn't download content updates during searches. -- If you disable or do not configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search. +- If you disable or don't configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search. > [!NOTE] > Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely. @@ -976,11 +976,11 @@ When users search the local computer or the Internet, Search Companion occasiona This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. -When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application. +When a user opens a file that has an extension that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application. - If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed. -- If you disable or do not configure this policy setting, the user is allowed to use the Web service. +- If you disable or don't configure this policy setting, the user is allowed to use the Web service. @@ -1037,11 +1037,11 @@ When a user opens a file that has an extension that is not associated with any a This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. -When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application. +When a user opens a file that has an extension that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application. - If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed. -- If you disable or do not configure this policy setting, the user is allowed to use the Web service. +- If you disable or don't configure this policy setting, the user is allowed to use the Web service. @@ -1098,11 +1098,11 @@ When a user opens a file that has an extension that is not associated with any a This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. -When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application. +When a user opens a file type or protocol that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application. - If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed. -- If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog. +- If you disable or don't configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog. @@ -1159,11 +1159,11 @@ When a user opens a file type or protocol that is not associated with any applic This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. -When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application. +When a user opens a file type or protocol that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application. - If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed. -- If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog. +- If you disable or don't configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog. @@ -1222,9 +1222,9 @@ This policy setting specifies whether Windows should download a list of provider These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry. -- If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. +- If you enable this policy setting, Windows doesn't download providers, and only the service providers that are cached in the local registry are displayed. -- If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards. +- If you disable or don't configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry. @@ -1287,7 +1287,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow - If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders. -- If you disable or do not configure this policy setting, the task is displayed. +- If you disable or don't configure this policy setting, the task is displayed. @@ -1348,7 +1348,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow - If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders. -- If you disable or do not configure this policy setting, the task is displayed. +- If you disable or don't configure this policy setting, the task is displayed. @@ -1409,7 +1409,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user - If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. -- If you disable or do not configure this policy setting, the tasks are shown. +- If you disable or don't configure this policy setting, the tasks are shown. @@ -1470,7 +1470,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user - If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. -- If you disable or do not configure this policy setting, the tasks are shown. +- If you disable or don't configure this policy setting, the tasks are shown. @@ -1529,11 +1529,11 @@ This policy setting specifies whether Windows Messenger collects anonymous infor With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases. -- If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. +- If you enable this policy setting, Windows Messenger doesn't collect usage information, and the user settings to enable the collection of usage information aren't shown. -- If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown. +- If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting isn't shown. -- If you do not configure this policy setting, users have the choice to opt in and allow information to be collected. +- If you don't configure this policy setting, users have the choice to opt in and allow information to be collected. @@ -1592,11 +1592,11 @@ This policy setting specifies whether Windows Messenger collects anonymous infor With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases. -- If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. +- If you enable this policy setting, Windows Messenger doesn't collect usage information, and the user settings to enable the collection of usage information aren't shown. -- If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown. +- If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting isn't shown. -- If you do not configure this policy setting, users have the choice to opt in and allow information to be collected. +- If you don't configure this policy setting, users have the choice to opt in and allow information to be collected. diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 4723887660..eabc93b5ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -41,8 +41,8 @@ ms.topic: reference "This policy setting prevents installation of Internet Information Services (IIS) on this computer. -- If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. -- If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." +- If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you won't be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. Enabling this setting won't have any effect on IIS if IIS is already installed on the computer. +- If you disable or don't configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index d595d630eb..ab2b61dabd 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -259,7 +259,7 @@ If enabled then new targets may not be manually configured by entering the targe -If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. +If enabled then don't allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. @@ -369,7 +369,7 @@ If enabled then only those sessions that are established via a persistent login -If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. +If enabled then don't allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 59d1ad1721..7c67c906a2 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -43,12 +43,12 @@ This policy setting allows you to configure a domain controller to support claim - If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. -- If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring. +- If you disable or don't configure this policy setting, the domain controller doesn't support claims, compound authentication or armoring. -If you configure the "Not supported" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems. +If you configure the "Not supported" option, the domain controller doesn't support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems. > [!NOTE] -> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerberos authentication messages will not use these features. +> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features. If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. @@ -61,7 +61,7 @@ When the domain functional level is set to Windows Server 2012 then the domain c - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. > [!WARNING] -> When "Fail unarmored authentication requests" is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller. +> When "Fail unarmored authentication requests" is set, then client computers which don't support Kerberos armoring will fail to authenticate to the domain controller. To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). @@ -69,7 +69,7 @@ Impact on domain controller performance when this policy setting is enabled: - Secure Kerberos domain capability discovery is required resulting in additional message exchanges. - Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. - - Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size. + - Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but doesn't change the service ticket size. @@ -130,10 +130,10 @@ This policy setting controls whether the domain controller provides information For Windows Logon to leverage this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled. -- If you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled. +- If you disable or don't configure this policy setting, the domain controller doesn't provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled. > [!NOTE] -> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything. +> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers can't provide information about previous logons, and enabling this policy setting doesn't affect anything. @@ -190,9 +190,9 @@ For Windows Logon to leverage this feature, the "Display information about previ This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). -- If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain. +- If you enable this policy setting, the KDC will search the forests in this list if it's unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain. -- If you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used. +- If you disable or don't configure this policy setting, the KDC won't search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name isn't found, NTLM authentication might be used. To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain. @@ -249,7 +249,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide -Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller's domain is not at Windows Server 2016 DFL or higher this policy will not be applied. +Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller's domain isn't at Windows Server 2016 DFL or higher this policy won't be applied. This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension. @@ -257,7 +257,7 @@ This policy setting allows you to configure a domain controller (DC) to support Supported: PKInit Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID. -Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public key credentials. +Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients which don't support the PKInit Freshness Extension will always fail when using public key credentials. - If you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID. @@ -320,7 +320,7 @@ This policy setting allows you to configure a domain controller to request compo - If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. -- If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration. +- If you disable or don't configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration. @@ -377,9 +377,9 @@ This policy setting allows you to configure a domain controller to request compo This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log. -- If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. +- If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events aren't being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you aren't configuring using Group Policy. -- If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions. +- If you disable or don't configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions. diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 8064ca30a9..3a2249f9ea 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -46,7 +46,7 @@ This policy setting controls whether a device always sends a compound authentica - If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request. -- If you disable or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication. +- If you disable or don't configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication. @@ -107,12 +107,12 @@ This policy setting allows you to set support for Kerberos to attempt authentica - If you enable this policy setting, the device’s credentials will be selected based on the following options: -Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using certificates then authentication with password will be attempted. +Automatic: Device will attempt to authenticate using its certificate. If the DC doesn't support computer account authentication using certificates then authentication with password will be attempted. -Force: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certificates then authentication will fail. +Force: Device will always authenticate using its certificate. If a DC can't be found which support computer account authentication using certificates then authentication will fail. - If you disable this policy setting, certificates will never be used. -- If you do not configure this policy setting, Automatic will be used. +- If you don't configure this policy setting, Automatic will be used. @@ -173,7 +173,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf - If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted. -- If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist. +- If you don't configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist. @@ -233,9 +233,9 @@ This policy setting allows you to disable revocation check for the SSL certifica - If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. > [!WARNING] -> When revocation check is ignored, the server represented by the certificate is not guaranteed valid. +> When revocation check is ignored, the server represented by the certificate isn't guaranteed valid. -- If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails. +- If you disable or don't configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server isn't established if the revocation check fails. @@ -292,9 +292,9 @@ This policy setting allows you to disable revocation check for the SSL certifica This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names. -- If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. +- If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller can't be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. -- If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers settings defined by Group Policy. +- If you disable or don't configure this policy setting, the Kerberos client doesn't have KDC proxy servers settings defined by Group Policy. @@ -355,7 +355,7 @@ This policy setting configures the Kerberos client so that it can authenticate w - If you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted. -- If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist. +- If you don't configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist. @@ -423,7 +423,7 @@ Automatic: Compound authentication is provided for this computer account when on Always: Compound authentication is always provided for this computer account. - If you disable this policy setting, Never will be used. -- If you do not configure this policy setting, Automatic will be used. +- If you don't configure this policy setting, Automatic will be used. @@ -482,7 +482,7 @@ This policy setting allows you to configure this server so that Kerberos can dec - If you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate. -- If you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN. +- If you disable or don't configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN. diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 5f36e5d7f4..33edf55abc 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -43,7 +43,7 @@ This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prioritized in the order specified. -If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. +If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: @@ -61,7 +61,7 @@ How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. > [!NOTE] -> When configuring this security setting, changes will not take effect until you restart Windows. +> When configuring this security setting, changes won't take effect until you restart Windows. @@ -115,15 +115,15 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in -This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. +This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that's stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. Policy configuration Select one of the following: -- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache. +- Not Configured. With this selection, hash publication settings aren't applied to file servers. In the circumstance where file servers are domain members but you don't want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual servers where you want to enable BranchCache. -- Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that is stored in BranchCache-enabled file shares. +- Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that's stored in BranchCache-enabled file shares. - Disabled. With this selection, hash publication is turned off for all file servers where Group Policy is applied. @@ -133,7 +133,7 @@ In circumstances where this policy setting is enabled, you can also select the f - Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server. -- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content. +- Disallow hash publication on all shared folders. With this option, BranchCache doesn't generate content information for any shares on the computer and doesn't send content information to client computers that request content. @@ -189,13 +189,13 @@ In circumstances where this policy setting is enabled, you can also select the f This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. -If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. +If you specify only one version that's supported, content information for that version is the only type that's generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported. - Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved. @@ -267,10 +267,10 @@ This policy setting determines how the SMB server selects a cipher suite when ne - If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences. -- If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites. +- If you disable or don't configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites. > [!NOTE] -> When configuring this security setting, changes will not take effect until you restart Windows. +> When configuring this security setting, changes won't take effect until you restart Windows. diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 77bf2e4301..8d1cb9b196 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -43,7 +43,7 @@ This policy setting determines the cipher suites used by the SMB client. If you enable this policy setting, cipher suites are prioritized in the order specified. -If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. +If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: @@ -61,7 +61,7 @@ How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. > [!NOTE] -> When configuring this security setting, changes will not take effect until you restart Windows. +> When configuring this security setting, changes won't take effect until you restart Windows. @@ -120,10 +120,10 @@ This policy setting determines the behavior of SMB handle caching for clients co - If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files. -- If you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares. +- If you disable or don't configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares. > [!NOTE] -> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage. +> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft doesn't recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage. @@ -182,10 +182,10 @@ This policy setting determines the behavior of Offline Files on clients connecti - If you enable this policy setting, the "Always Available offline" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible. -- If you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares. +- If you disable or don't configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares. > [!NOTE] -> Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states. +> Microsoft doesn't recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states. diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index bac5ee83d9..f7be07c69a 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -41,14 +41,14 @@ ms.topic: reference This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems. -- If you enable or do not configure this policy setting, the DPS enables Windows Memory Leak Diagnosis by default. +- If you enable or don't configure this policy setting, the DPS enables Windows Memory Leak Diagnosis by default. -- If you disable this policy setting, the DPS is not able to diagnose memory leak problems. +- If you disable this policy setting, the DPS isn't able to diagnose memory leak problems. This policy setting takes effect only under the following conditions: - - If the diagnostics-wide scenario execution policy is not configured. - - When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. + - If the diagnostics-wide scenario execution policy isn't configured. + - When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. > [!NOTE] > The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index e9d07bfeca..e2a7738d53 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -45,7 +45,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to - If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. -- If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply. +- If you disable or don't configure this policy setting, the default behavior of LLTDIO will apply. @@ -106,7 +106,7 @@ The Responder allows a computer to participate in Link Layer Topology Discovery - If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. -- If you disable or do not configure this policy setting, the default behavior for the Responder will apply. +- If you disable or don't configure this policy setting, the default behavior for the Responder will apply. diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index 6d99e67a98..de0cfbc611 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -43,9 +43,9 @@ ms.topic: reference This policy setting turns off the Windows Location Provider feature for this computer. -- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. +- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature. -- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature. +- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature. diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 0b651742b0..17891ec45a 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -41,9 +41,9 @@ ms.topic: reference This policy prevents the user from showing account details (email address or user name) on the sign-in screen. -- If you enable this policy setting, the user cannot choose to show account details on the sign-in screen. +- If you enable this policy setting, the user can't choose to show account details on the sign-in screen. -- If you disable or do not configure this policy setting, the user may choose to show account details on the sign-in screen. +- If you disable or don't configure this policy setting, the user may choose to show account details on the sign-in screen. @@ -101,7 +101,7 @@ This policy prevents the user from showing account details (email address or use This policy setting disables the acrylic blur effect on logon background image. - If you enable this policy, the logon background image shows without blur. -- If you disable or do not configure this policy, the logon background image adopts the acrylic blur effect. +- If you disable or don't configure this policy, the logon background image adopts the acrylic blur effect. @@ -162,7 +162,7 @@ You can create a customized list of additional programs and documents that the s - If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional. -- If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list. +- If you disable or don't configure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. @@ -230,7 +230,7 @@ You can create a customized list of additional programs and documents that the s - If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional. -- If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list. +- If you disable or don't configure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. @@ -298,7 +298,7 @@ You can create a customized list of additional programs and documents that are s - If you enable this policy setting, the system ignores the run-once list. -- If you disable or do not configure this policy setting, the system runs the programs in the run-once list. +- If you disable or don't configure this policy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. @@ -366,7 +366,7 @@ You can create a customized list of additional programs and documents that are s - If you enable this policy setting, the system ignores the run-once list. -- If you disable or do not configure this policy setting, the system runs the programs in the run-once list. +- If you disable or don't configure this policy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. @@ -430,9 +430,9 @@ Also, see the "Do not process the legacy run list" policy setting. This policy setting suppresses system status messages. -- If you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off. +- If you enable this setting, the system doesn't display a message reminding users to wait while their system starts or shuts down, or while users log on or off. -- If you disable or do not configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off. +- If you disable or don't configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off. @@ -489,9 +489,9 @@ This policy setting suppresses system status messages. This policy setting prevents connected users from being enumerated on domain-joined computers. -- If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers. +- If you enable this policy setting, the Logon UI won't enumerate any connected users on domain-joined computers. -- If you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers. +- If you disable or don't configure this policy setting, connected users will be enumerated on domain-joined computers. @@ -546,15 +546,15 @@ This policy setting prevents connected users from being enumerated on domain-joi -This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. +This policy setting hides the welcome screen that's displayed on Windows 2000 Professional each time the user logs on. - If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied. Users can still display the welcome screen by selecting it on the Start menu or by typing "Welcome" in the Run dialog box. -- If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer. +- If you disable or don't configure this policy, the welcome screen is displayed each time a user logs on to the computer. -This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server. +This setting applies only to Windows 2000 Professional. It doesn't affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -615,15 +615,15 @@ This setting applies only to Windows 2000 Professional. It does not affect the " -This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. +This policy setting hides the welcome screen that's displayed on Windows 2000 Professional each time the user logs on. - If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied. Users can still display the welcome screen by selecting it on the Start menu or by typing "Welcome" in the Run dialog box. -- If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer. +- If you disable or don't configure this policy, the welcome screen is displayed each time a user logs on to the computer. -This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server. +This setting applies only to Windows 2000 Professional. It doesn't affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -690,7 +690,7 @@ This policy setting specifies additional programs or documents that Windows star To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. -- If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. +- If you disable or don't configure this policy setting, the user will have to start the appropriate programs after logon. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting. @@ -755,7 +755,7 @@ This policy setting specifies additional programs or documents that Windows star To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. -- If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. +- If you disable or don't configure this policy setting, the user will have to start the appropriate programs after logon. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting. @@ -814,11 +814,11 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r -This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. +This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing isn't synchronous; client computers typically don't wait for the network to be fully initialized at startup and logon. Existing users are logged-on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected. -If a user with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers always wait for the network to be initialized. +If a user with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initialized before logging the user on. If a user has never logged-on to this computer before, computers always wait for the network to be initialized. - If you enable this policy setting, computers wait for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously. @@ -829,9 +829,9 @@ If the server is configured as follows, this policy setting takes effect during - The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and - The "Allow asynchronous user Group Policy processing when logging on through Terminal Services" policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Policy\. -If this configuration is not implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized during user logon). +If this configuration isn't implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized during user logon). -- If you disable or do not configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached credentials. Group Policy is applied asynchronously in the background. +- If you disable or don't configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that's configured as described earlier, the computer typically doesn't wait for the network to be fully initialized. In this case, users are logged-on with cached credentials. Group Policy is applied asynchronously in the background. Note -If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. @@ -896,7 +896,7 @@ This policy setting may be used to make Windows give preference to a custom logo - If you enable this policy setting, the logon screen always attempts to load a custom background instead of the Windows-branded logon background. -- If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background. +- If you disable or don't configure this policy setting, Windows uses the default Windows logon background or custom background. @@ -957,7 +957,7 @@ This policy setting is designed for advanced users who require this information. - If you enable this policy setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system. -- If you disable or do not configure this policy setting, only the default status messages are displayed to the user during these processes. +- If you disable or don't configure this policy setting, only the default status messages are displayed to the user during these processes. > [!NOTE] > This policy setting is ignored if the "Remove Boot/Shutdown/Logon/Logoff status messages" policy setting is enabled. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index a6779046e7..1684e792d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -41,7 +41,7 @@ ms.topic: reference This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. -- If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +- If you enable or don't configure this setting, the antimalware service will load as a normal priority task. - If you disable this setting, the antimalware service will load as a low priority task. @@ -100,13 +100,13 @@ This policy setting controls the load priority for the antimalware service. Incr This policy setting turns off Microsoft Defender Antivirus. -- If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software. +- If you enable this policy setting, Microsoft Defender Antivirus doesn't run, and won't scan computers for malware or other potentially unwanted software. - If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product. -- If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software. +- If you don't configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software. -Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured. +Enabling or disabling this policy may lead to unexpected or unsupported behavior. It's recommended that you leave this policy setting unconfigured. @@ -169,7 +169,7 @@ Disabled (Default): Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance. Enabled: -Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios. +Microsoft Defender won't exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios. Not configured: Same as Disabled. @@ -227,15 +227,15 @@ Same as Disabled. -This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device. +This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device. Enabled - The Block at First Sight setting is turned on. Disabled - The Block at First Sight setting is turned off. This feature requires these Group Policy settings to be set as follows: -MAPS -> The "Join Microsoft MAPS" must be enabled or the "Block at First Sight" feature will not function. -MAPS -> The "Send file samples when further analysis is required" should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature will not function. -Real-time Protection -> The "Scan all downloaded files and attachments" policy must be enabled or the "Block at First Sight" feature will not function. -Real-time Protection -> Do not enable the "Turn off real-time protection" policy or the "Block at First Sight" feature will not function. +MAPS -> The "Join Microsoft MAPS" must be enabled or the "Block at First Sight" feature won't function. +MAPS -> The "Send file samples when further analysis is required" should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature won't function. +Real-time Protection -> The "Scan all downloaded files and attachments" policy must be enabled or the "Block at First Sight" feature won't function. +Real-time Protection -> Don't enable the "Turn off real-time protection" policy or the "Block at First Sight" feature won't function. @@ -294,7 +294,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions. -- If you disable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings. +- If you disable or don't configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings. - If you enable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator. @@ -357,7 +357,7 @@ Real-time protection consists of always-on scanning with file and process behavi - If you enable this policy setting, real-time protection is turned off. -- If you either disable or do not configure this policy setting, real-time protection is turned on. +- If you either disable or don't configure this policy setting, real-time protection is turned on. @@ -416,9 +416,9 @@ Real-time protection consists of always-on scanning with file and process behavi This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action. -- If you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat. +- If you enable this policy setting, Microsoft Defender Antivirus doesn't automatically take action on the detected threats, but prompts users to choose from the actions available for each threat. -- If you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds. +- If you disable or don't configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds. @@ -475,7 +475,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus -This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0. +This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value isn't used and it's recommended that this be set to 0. @@ -532,7 +532,7 @@ This policy setting allows you specify a list of file types that should be exclu -This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0. +This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value isn't used and it's recommended that this be set to 0. @@ -589,7 +589,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f -This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0. +This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy doesn't apply to scheduled scans. The process itself won't be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value isn't used and it's recommended that this be set to 0. @@ -721,8 +721,8 @@ Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: - Block: the rule will be applied - - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) - - Off: the rule will not be applied + - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) + - Off: the rule won't be applied - Not Configured: the rule is enabled with default values - Warn: the rule will be applied and the end-user will have the option to bypass the block @@ -886,7 +886,7 @@ Default system folders are automatically guarded, but you can add folders in the Specify additional folders that should be guarded by the Controlled folder access feature. -Files in these folders cannot be modified or deleted by untrusted applications. +Files in these folders can't be modified or deleted by untrusted applications. Default system folders are automatically protected. You can configure this setting to add additional folders. The list of default system folders that are protected is shown in Windows Security. @@ -963,7 +963,7 @@ Enabled: When this feature is enabled Microsoft Defender will compute hash value for files it scans. Disabled: -File hash value is not computed +File hash value isn't computed Not configured: Same as Disabled. @@ -1021,9 +1021,9 @@ Same as Disabled. -This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. +This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system isn't vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that's up-to-date with all the latest security updates, network protection will have no impact on network performance. -- If you enable or do not configure this setting, definition retirement will be enabled. +- If you enable or don't configure this setting, definition retirement will be enabled. - If you disable this setting, definition retirement will be disabled. @@ -1080,7 +1080,7 @@ This policy setting allows you to configure definition retirement for network pr -This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: "{b54b6ac9-a737-498e-9120-6616ad3bf590}". The value is not used and it is recommended that this be set to 0. +This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: "{b54b6ac9-a737-498e-9120-6616ad3bf590}". The value isn't used and it's recommended that this be set to 0. @@ -1137,7 +1137,7 @@ This policy setting defines additional definition sets to enable for network tra This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. -- If you enable or do not configure this setting, protocol recognition will be enabled. +- If you enable or don't configure this setting, protocol recognition will be enabled. - If you disable this setting, protocol recognition will be disabled. @@ -1198,7 +1198,7 @@ This policy, if defined, will prevent antimalware from using the configured prox - If you enable this setting, the proxy server will be bypassed for the specified addresses. -- If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses. +- If you disable or don't configure this setting, the proxy server won't be bypassed for the specified addresses. @@ -1264,7 +1264,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe - If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above. -- If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. +- If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above. @@ -1330,7 +1330,7 @@ This policy setting allows you to configure the named proxy that should be used - If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either https:// or https://. -- If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. +- If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above. @@ -1388,7 +1388,7 @@ This policy setting configures a local override for the configuration of the num - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -1447,7 +1447,7 @@ This policy setting defines the number of days items should be kept in the Quara - If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. -- If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed. +- If you disable or don't configure this setting, items will be kept in the quarantine folder indefinitely and won't be automatically removed. @@ -1504,7 +1504,7 @@ This policy setting defines the number of days items should be kept in the Quara This policy setting allows you to configure the scheduled scan, and the scheduled security intelligence update, start time window in hours. -- If you disable or do not configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. +- If you disable or don't configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. - If you enable this setting, you can widen, or narrow, this randomization period. Specify a randomization window of between 1 and 23 hours. @@ -1563,7 +1563,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule This policy setting allows you to configure behavior monitoring. -- If you enable or do not configure this setting, behavior monitoring will be enabled. +- If you enable or don't configure this setting, behavior monitoring will be enabled. - If you disable this setting, behavior monitoring will be disabled. @@ -1624,7 +1624,7 @@ This policy setting allows you to configure behavior monitoring. This policy setting allows you to configure scanning for all downloaded files and attachments. -- If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. +- If you enable or don't configure this setting, scanning for all downloaded files and attachments will be enabled. - If you disable this setting, scanning for all downloaded files and attachments will be disabled. @@ -1685,7 +1685,7 @@ This policy setting allows you to configure scanning for all downloaded files an This policy setting allows you to configure monitoring for file and program activity. -- If you enable or do not configure this setting, monitoring for file and program activity will be enabled. +- If you enable or don't configure this setting, monitoring for file and program activity will be enabled. - If you disable this setting, monitoring for file and program activity will be disabled. @@ -1746,7 +1746,7 @@ This policy setting allows you to configure monitoring for file and program acti This policy setting controls whether raw volume write notifications are sent to behavior monitoring. -- If you enable or do not configure this setting, raw write notifications will be enabled. +- If you enable or don't configure this setting, raw write notifications will be enabled. - If you disable this setting, raw write notifications be disabled. @@ -1805,9 +1805,9 @@ This policy setting controls whether raw volume write notifications are sent to This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. -- If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on. +- If you enable or don't configure this setting, a process scan will be initiated when real-time protection is turned on. -- If you disable this setting, a process scan will not be initiated when real-time protection is turned on. +- If you disable this setting, a process scan won't be initiated when real-time protection is turned on. @@ -1868,7 +1868,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files - If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned. -- If you disable or do not configure this setting, a default size will be applied. +- If you disable or don't configure this setting, a default size will be applied. @@ -1927,7 +1927,7 @@ This policy setting configures a local override for the configuration of behavio - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -1986,7 +1986,7 @@ This policy setting configures a local override for the configuration of scannin - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -2045,7 +2045,7 @@ This policy setting configures a local override for the configuration of monitor - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -2104,7 +2104,7 @@ This policy setting configures a local override for the configuration to turn on - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -2163,7 +2163,7 @@ This policy setting configures a local override for the configuration of monitor - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -2222,7 +2222,7 @@ This policy setting configures a local override for the configuration of the tim - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -2292,7 +2292,7 @@ This setting can be configured with the following ordinal number values: - If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. -- If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency. +- If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default frequency. @@ -2351,7 +2351,7 @@ This policy setting allows you to specify the time of day at which to perform a - If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified. -- If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time. +- If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default time. @@ -2518,9 +2518,9 @@ This policy setting configures the time in minutes before a detection in the "cr Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients. -- If you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients. +- If you disable or don't configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients. -- If you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients. +- If you enable this setting, Microsoft Defender Antivirus enhanced notifications won't display on clients. @@ -2579,9 +2579,9 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha This policy setting allows you to configure whether or not Watson events are sent. -- If you enable or do not configure this setting, Watson events will be sent. +- If you enable or don't configure this setting, Watson events will be sent. -- If you disable this setting, Watson events will not be sent. +- If you disable this setting, Watson events won't be sent. @@ -2863,9 +2863,9 @@ Tracing levels are defined as: This policy setting allows you to manage whether or not end users can pause a scan in progress. -- If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan. +- If you enable or don't configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan. -- If you disable this setting, users will not be able to pause scans. +- If you disable this setting, users won't be able to pause scans. @@ -2924,7 +2924,7 @@ This policy setting allows you to configure the maximum directory depth level in - If you enable this setting, archive files will be scanned to the directory depth level specified. -- If you disable or do not configure this setting, archive files will be scanned to the default directory depth level. +- If you disable or don't configure this setting, archive files will be scanned to the default directory depth level. @@ -2983,7 +2983,7 @@ This policy setting allows you to configure the maximum size of archive files su - If you enable this setting, archive files less than or equal to the size specified will be scanned. -- If you disable or do not configure this setting, archive files will be scanned according to the default value. +- If you disable or don't configure this setting, archive files will be scanned according to the default value. @@ -3040,9 +3040,9 @@ This policy setting allows you to configure the maximum size of archive files su This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as . ZIP or . CAB files. -- If you enable or do not configure this setting, archive files will be scanned. +- If you enable or don't configure this setting, archive files will be scanned. -- If you disable this setting, archive files will not be scanned. However, archives are always scanned during directed scans. +- If you disable this setting, archive files won't be scanned. However, archives are always scanned during directed scans. @@ -3099,11 +3099,11 @@ This policy setting allows you to configure scans for malicious software and unw -This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning is not supported on modern email clients. +This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning isn't supported on modern email clients. - If you enable this setting, e-mail scanning will be enabled. -- If you disable or do not configure this setting, e-mail scanning will be disabled. +- If you disable or don't configure this setting, e-mail scanning will be disabled. @@ -3158,9 +3158,9 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin -This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics. +This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It's recommended that you don't turn off heuristics. -- If you enable or do not configure this setting, heuristics will be enabled. +- If you enable or don't configure this setting, heuristics will be enabled. - If you disable this setting, heuristics will be disabled. @@ -3271,7 +3271,7 @@ This policy setting allows you to manage whether or not to scan for malicious so - If you enable this setting, removable drives will be scanned during any type of scan. -- If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan. +- If you disable or don't configure this setting, removable drives won't be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan. @@ -3330,7 +3330,7 @@ This policy setting allows you to configure reparse point scanning. If you allow - If you enable this setting, reparse point scanning will be enabled. -- If you disable or do not configure this setting, reparse point scanning will be disabled. +- If you disable or don't configure this setting, reparse point scanning will be disabled. @@ -3389,7 +3389,7 @@ This policy setting allows you to create a system restore point on the computer - If you enable this setting, a system restore point will be created. -- If you disable or do not configure this setting, a system restore point will not be created. +- If you disable or don't configure this setting, a system restore point won't be created. @@ -3448,7 +3448,7 @@ This policy setting allows you to configure scanning mapped network drives. - If you enable this setting, mapped network drives will be scanned. -- If you disable or do not configure this setting, mapped network drives will not be scanned. +- If you disable or don't configure this setting, mapped network drives won't be scanned. @@ -3503,11 +3503,11 @@ This policy setting allows you to configure scanning mapped network drives. -This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting. +This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting. - If you enable this setting, network files will be scanned. -- If you disable or do not configure this setting, network files will not be scanned. +- If you disable or don't configure this setting, network files won't be scanned. @@ -3566,7 +3566,7 @@ This policy setting configures a local override for the configuration of maximum - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -3625,7 +3625,7 @@ This policy setting configures a local override for the configuration of the sca - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -3684,7 +3684,7 @@ This policy setting configures a local override for the configuration of schedul - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -3743,7 +3743,7 @@ This policy setting configures a local override for the configuration of schedul - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -3802,7 +3802,7 @@ This policy setting configures a local override for the configuration of schedul - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -3861,7 +3861,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul - If you enable this setting, low CPU priority will be used during scheduled scans. -- If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans. +- If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. @@ -3920,7 +3920,7 @@ This policy setting allows you to define the number of consecutive scheduled sca - If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans. -- If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans. +- If you disable or don't configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans. @@ -3975,11 +3975,11 @@ This policy setting allows you to define the number of consecutive scheduled sca -This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days. +This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and won't be automatically removed. By default, the value is set to 30 days. - If you enable this setting, items will be removed from the scan history folder after the number of days specified. -- If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days. +- If you disable or don't configure this setting, items will be kept in the scan history folder for the default number of days. @@ -4034,11 +4034,11 @@ This policy setting defines the number of days items should be kept in the scan -This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0. +This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans won't occur. By default, this setting is set to 0. - If you enable this setting, a quick scan will run at the interval specified. -- If you disable or do not configure this setting, quick scan controlled by this config will not be run. +- If you disable or don't configure this setting, quick scan controlled by this config won't be run. @@ -4095,7 +4095,7 @@ This policy setting allows you to specify an interval at which to perform a quic This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use. -- If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use. +- If you enable or don't configure this setting, scheduled scans will only run when the computer is on but not in use. - If you disable this setting, scheduled scans will run at the scheduled time. @@ -4167,7 +4167,7 @@ This setting can be configured with the following ordinal number values: - If you enable this setting, a scheduled scan will run at the frequency specified. -- If you disable or do not configure this setting, a scheduled scan will run at a default frequency. +- If you disable or don't configure this setting, a scheduled scan will run at a default frequency. @@ -4226,7 +4226,7 @@ This policy setting allows you to specify the time of day at which to perform a - If you enable this setting, a scheduled scan will run at the time of day specified. -- If you disable or do not configure this setting, a scheduled scan will run at a default time. +- If you disable or don't configure this setting, a scheduled scan will run at a default time. @@ -4281,11 +4281,11 @@ This policy setting allows you to specify the time of day at which to perform a -This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled. +This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It's recommended that this setting remain disabled. - If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled. -- If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped. +- If you disable or don't configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it's set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped. @@ -4344,7 +4344,7 @@ This policy setting allows you to define the number of days that must pass befor - If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update. -- If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update. +- If you disable or don't configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update. @@ -4403,7 +4403,7 @@ This policy setting allows you to define the number of days that must pass befor - If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update. -- If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update. +- If you disable or don't configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update. @@ -4458,11 +4458,11 @@ This policy setting allows you to define the number of days that must pass befor -This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default. +This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "`{\\unc1 | \\unc2 }`". The list is empty by default. -- If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. +- If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted. -- If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted. +- If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted. @@ -4518,9 +4518,9 @@ This policy setting allows you to configure UNC file share sources for downloadi This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred. -- If you enable or do not configure this setting, a scan will start following a security intelligence update. +- If you enable or don't configure this setting, a scan will start following a security intelligence update. -- If you disable this setting, a scan will not start following a security intelligence update. +- If you disable this setting, a scan won't start following a security intelligence update. @@ -4577,7 +4577,7 @@ This policy setting allows you to configure the automatic scan which starts afte This policy setting allows you to configure security intelligence updates when the computer is running on battery power. -- If you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state. +- If you enable or don't configure this setting, security intelligence updates will occur as usual regardless of power state. - If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power. @@ -4636,9 +4636,9 @@ This policy setting allows you to configure security intelligence updates when t This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present. -- If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present. +- If you enable or don't configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present. -- If you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present. +- If you disable this setting, security intelligence updates won't be initiated on startup when there is no antimalware engine present. @@ -4697,9 +4697,9 @@ This policy setting allows you to define the order in which different security i For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` -- If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. +- If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted. -- If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order. +- If you disable or don't configure this setting, security intelligence update sources will be contacted in a default order. @@ -4757,7 +4757,7 @@ This policy setting allows you to enable download of security intelligence updat - If you enable this setting, security intelligence updates will be downloaded from Microsoft Update. -- If you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source. +- If you disable or don't configure this setting, security intelligence updates will be downloaded from the configured download source. @@ -4814,7 +4814,7 @@ This policy setting allows you to enable download of security intelligence updat This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work. -- If you enable or do not configure this setting, real-time security intelligence updates will be enabled. +- If you enable or don't configure this setting, real-time security intelligence updates will be enabled. - If you disable this setting, real-time security intelligence updates will disabled. @@ -4886,7 +4886,7 @@ This setting can be configured with the following ordinal number values: - If you enable this setting, the check for security intelligence updates will occur at the frequency specified. -- If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency. +- If you disable or don't configure this setting, the check for security intelligence updates will occur at a default frequency. @@ -4945,7 +4945,7 @@ This policy setting allows you to specify the time of day at which to check for - If you enable this setting, the check for security intelligence updates will occur at the time of day specified. -- If you disable or do not configure this setting, the check for security intelligence updates will occur at the default time. +- If you disable or don't configure this setting, the check for security intelligence updates will occur at the default time. @@ -5002,7 +5002,7 @@ This policy setting allows you to specify the time of day at which to check for This policy setting allows you to define the security intelligence location for VDI-configured computers. -If you disable or do not configure this setting, security intelligence will be referred from the default local source. +If you disable or don't configure this setting, security intelligence will be referred from the default local source. @@ -5058,9 +5058,9 @@ If you disable or do not configure this setting, security intelligence will be r This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work. -- If you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence. +- If you enable this setting or don't configure, the antimalware service will receive notifications to disable security intelligence. -- If you disable this setting, the antimalware service will not receive notifications to disable security intelligence. +- If you disable this setting, the antimalware service won't receive notifications to disable security intelligence. @@ -5119,7 +5119,7 @@ This policy setting allows you to define the number of days after which a catch- - If you enable this setting, a catch-up security intelligence update will occur after the specified number of days. -- If you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days. +- If you disable or don't configure this setting, a catch-up security intelligence update will be required after the default number of days. @@ -5178,7 +5178,7 @@ This policy setting allows you to manage whether a check for new virus and spywa - If you enable this setting, a check for new security intelligence will occur after service startup. -- If you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup. +- If you disable this setting or don't configure this setting, a check for new security intelligence won't occur after service startup. @@ -5237,7 +5237,7 @@ This policy setting configures a local override for the configuration to join Mi - If you enable this setting, the local preference setting will take priority over Group Policy. -- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. +- If you disable or don't configure this setting, Group Policy will take priority over the local preference setting. @@ -5294,7 +5294,7 @@ This policy setting configures a local override for the configuration to join Mi This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. -You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you. +You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you. Possible options are: (0x0) Disabled (default) @@ -5307,7 +5307,7 @@ Advanced membership, in addition to basic information, will send more informatio - If you enable this setting, you will join Microsoft MAPS with the membership specified. -- If you disable or do not configure this setting, you will not join Microsoft MAPS. +- If you disable or don't configure this setting, you won't join Microsoft MAPS. In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership. @@ -5364,7 +5364,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to -This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. +This policy setting customize which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. Valid remediation action values are: 2 = Quarantine @@ -5428,7 +5428,7 @@ This policy setting allows you to configure whether or not to display additional - If you enable this setting, the additional text specified will be displayed. -- If you disable or do not configure this setting, there will be no additional text displayed. +- If you disable or don't configure this setting, there will be no additional text displayed. @@ -5483,9 +5483,9 @@ This policy setting allows you to configure whether or not to display additional Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients. -- If you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients. +- If you disable or don't configure this setting, Microsoft Defender Antivirus notifications will display on clients. -- If you enable this setting, Microsoft Defender Antivirus notifications will not display on clients. +- If you enable this setting, Microsoft Defender Antivirus notifications won't display on clients. diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 5d31524cc8..82283dcdcc 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -43,17 +43,17 @@ Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. -If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. -To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. +To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. -To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. +To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -112,17 +112,17 @@ Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. -If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. -To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. +To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. -To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. +To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -181,17 +181,17 @@ Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. -If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. -To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. +To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. -To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. +To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -250,11 +250,11 @@ Prevents users from entering author mode. This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. -As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain. +As a result, users can't create console files or add or remove snap-ins. Also, because they can't open author-mode console files, they can't use the tools that the files contain. -This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt. +This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users can't open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also can't open a blank MMC console window from a command prompt. -If you disable this setting or do not configure it, users can enter author mode and open author-mode console files. +If you disable this setting or don't configure it, users can enter author mode and open author-mode console files. @@ -315,14 +315,14 @@ Lets you selectively permit or prohibit the use of Microsoft Management Console To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited. -- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. +- If you disable this setting or don't configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. > [!NOTE] -> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins. +> If you enable this setting, and you don't enable any settings in the Restricted/Permitted snap-ins folder, users can't use any MMC snap-ins. diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 401e1cfe8d..b5fa5e65bd 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -43,17 +43,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -112,17 +112,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -181,17 +181,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -250,17 +250,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -319,17 +319,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -388,17 +388,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -457,17 +457,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -526,17 +526,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -595,17 +595,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -664,17 +664,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -733,17 +733,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -802,17 +802,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -871,17 +871,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -940,17 +940,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1009,17 +1009,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1078,17 +1078,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1147,17 +1147,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1216,17 +1216,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1285,17 +1285,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1354,17 +1354,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1423,17 +1423,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1492,17 +1492,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1561,17 +1561,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1630,17 +1630,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1699,17 +1699,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1768,17 +1768,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1837,17 +1837,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1906,17 +1906,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1975,17 +1975,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2044,17 +2044,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2113,17 +2113,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2182,17 +2182,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2251,17 +2251,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2320,17 +2320,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2389,17 +2389,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2458,17 +2458,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2525,19 +2525,19 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. -If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins. +If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab isn't displayed in those snap-ins. -If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. +If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users won't have access to the Group Policy tab. -To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible. +To explicitly permit use of the Group Policy tab, enable this setting. If this setting isn't configured (or disabled), the Group Policy tab is inaccessible. - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. -To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. +To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting isn't configured (or enabled), the Group Policy tab is accessible. -When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. +When the Group Policy tab is inaccessible, it doesn't appear in the site, domain, or organizational unit property sheets. @@ -2596,17 +2596,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2665,17 +2665,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2734,17 +2734,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2803,17 +2803,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2872,17 +2872,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2941,17 +2941,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3010,17 +3010,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3079,17 +3079,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3148,17 +3148,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3217,17 +3217,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3286,17 +3286,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3355,17 +3355,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3424,17 +3424,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3493,17 +3493,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3562,17 +3562,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3631,17 +3631,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3700,17 +3700,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3769,17 +3769,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3838,17 +3838,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3907,17 +3907,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3976,17 +3976,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4045,17 +4045,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4114,17 +4114,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4183,17 +4183,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4252,17 +4252,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4321,17 +4321,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4390,17 +4390,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4459,17 +4459,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4528,17 +4528,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4597,17 +4597,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4666,17 +4666,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4735,17 +4735,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4804,17 +4804,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4873,17 +4873,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4942,17 +4942,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5011,17 +5011,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5080,17 +5080,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5149,17 +5149,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5218,17 +5218,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5287,17 +5287,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5356,17 +5356,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5425,17 +5425,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5494,17 +5494,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5563,17 +5563,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5632,17 +5632,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5701,17 +5701,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5770,17 +5770,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5839,17 +5839,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5908,17 +5908,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5977,17 +5977,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6046,17 +6046,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6115,17 +6115,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6184,17 +6184,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6253,17 +6253,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6322,17 +6322,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6391,17 +6391,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6460,17 +6460,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6529,17 +6529,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6598,17 +6598,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6667,17 +6667,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6736,17 +6736,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6805,17 +6805,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6874,17 +6874,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6943,17 +6943,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7012,17 +7012,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7081,17 +7081,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7150,17 +7150,17 @@ This policy setting permits or prohibits the use of this snap-in. - If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -- If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +- If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -- If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +- If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. -- If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. +- If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. -- If this policy setting is not configured or enabled, the snap-in is permitted. +- If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 5ca5caf29f..2ae1fe9ece 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. - If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. -- If you do not configure this policy setting, Windows Mobility Center is on by default. +- If you don't configure this policy setting, Windows Mobility Center is on by default. @@ -102,11 +102,11 @@ This policy setting turns off Windows Mobility Center. This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. - If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. -- If you do not configure this policy setting, Windows Mobility Center is on by default. +- If you don't configure this policy setting, Windows Mobility Center is on by default. diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index 0d04549df1..1ddbf7a393 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -41,14 +41,14 @@ ms.topic: reference This policy setting turns off Windows presentation settings. -- If you enable this policy setting, Windows presentation settings cannot be invoked. +- If you enable this policy setting, Windows presentation settings can't be invoked. - If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. > [!NOTE] > Users will be able to customize their system settings for presentations in Windows Mobility Center. -- If you do not configure this policy setting, Windows presentation settings can be invoked. +- If you don't configure this policy setting, Windows presentation settings can be invoked. @@ -105,14 +105,14 @@ This policy setting turns off Windows presentation settings. This policy setting turns off Windows presentation settings. -- If you enable this policy setting, Windows presentation settings cannot be invoked. +- If you enable this policy setting, Windows presentation settings can't be invoked. - If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. > [!NOTE] > Users will be able to customize their system settings for presentations in Windows Mobility Center. -- If you do not configure this policy setting, Windows presentation settings can be invoked. +- If you don't configure this policy setting, Windows presentation settings can be invoked. diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index bc85af259e..9de24482ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -42,10 +42,10 @@ ms.topic: reference This setting controls whether users can provide Microsoft accounts for authentication for applications or services. - If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. -This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires. -It is recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. +This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires. +It's recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. - If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication. -By default, this setting is Disabled. This setting does not affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications. +By default, this setting is Disabled. This setting doesn't affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications. diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 2c02c6f548..f0e2bda261 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -45,7 +45,7 @@ The maintenance activation boundary is the daily schduled time at which Automati - If you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel. -- If you disable or do not configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. +- If you disable or don't configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. @@ -105,7 +105,7 @@ The maintenance random delay is the amount of time up to which Automatic Mainten - If you enable this policy setting, Automatic Maintenance will delay starting from its Activation Boundary, by upto this time. -- If you do not configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance. +- If you don't configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance. - If you disable this policy setting, no random delay will be applied to Automatic Maintenance. diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 1a68161d76..76b49c1861 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -45,9 +45,9 @@ This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interact By default, the support provider is set to Microsoft Corporation. -- If you disable this policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider. +- If you disable this policy setting, MSDT can't run in support mode, and no data can be collected or sent to the support provider. -- If you do not configure this policy setting, MSDT support mode is enabled by default. +- If you don't configure this policy setting, MSDT support mode is enabled by default. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately. @@ -116,13 +116,13 @@ These tools are required to completely troubleshoot the problem. If tool downloa - If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers. -- If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools. +- If you don't configure this policy setting, MSDT prompts the user before downloading any additional tools. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately. This policy setting will take effect only when MSDT is enabled. -This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -183,15 +183,15 @@ Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by - If you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem. -- If you disable this policy setting, MSDT cannot gather diagnostic data. +- If you disable this policy setting, MSDT can't gather diagnostic data. -- If you do not configure this policy setting, MSDT is turned on by default. +- If you don't configure this policy setting, MSDT is turned on by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 815a68978c..f59500cda3 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -43,11 +43,11 @@ This policy setting allows users to search for installation files during privile - If you enable this policy setting, the Browse button in the "Use feature from" dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges. -Because the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow. +Because the installation is running with elevated system privileges, users can browse through directories that their own permissions wouldn't allow. -This policy setting does not affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting. +This policy setting doesn't affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting. -- If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. +- If you disable or don't configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. @@ -106,9 +106,9 @@ This policy setting allows users to install programs from removable media during - If you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated system privileges. -This policy setting does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context. +This policy setting doesn't affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context. -- If you disable or do not configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. +- If you disable or don't configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. Also, see the "Prevent removable media source for any install" policy setting. @@ -169,9 +169,9 @@ This policy setting allows users to patch elevated products. - If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use. -- If you disable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. +- If you disable or don't configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. -This policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting. +This policy setting doesn't affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting. @@ -236,7 +236,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma - The "Restart Manager Off for Legacy App Setup" option applies to packages that were created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still using Restart Manager for detection. -- If you disable or do not configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible. +- If you disable or don't configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible. @@ -296,9 +296,9 @@ This policy setting prevents users from searching for installation files when th This policy setting applies even when the installation is running in the user's security context. -- If you disable or do not configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. +- If you disable or don't configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. -This policy setting affects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations, to search for installation files. +This policy setting affects Windows Installer only. It doesn't prevent users from selecting other browsers, such as File Explorer or Network Locations, to search for installation files. Also, see the "Enable user to browse for source while elevated" policy setting. @@ -359,7 +359,7 @@ This policy setting controls the ability to turn off all patch optimizations. - If you enable this policy setting, all Patch Optimization options are turned off during the installation. -- If you disable or do not configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing. +- If you disable or don't configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing. @@ -421,7 +421,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr - The "Logging via package settings off" option turns off the automatic logging behavior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging policy. -- If you disable or do not configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property. +- If you disable or don't configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property. @@ -477,11 +477,11 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr This policy setting prevents users from installing any programs from removable media. -- If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found. +- If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature can't be found. This policy setting applies even when the installation is running in the user's security context. -- If you disable or do not configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. +- If you disable or don't configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy settings. @@ -542,13 +542,13 @@ This policy setting restricts the use of Windows Installer. If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting. -- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy is not configured. +- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy isn't configured. -- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured. +- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy isn't configured. - The "Always" option indicates that Windows Installer is disabled. -This policy setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs. +This policy setting affects Windows Installer only. It doesn't prevent users from using other methods to install and upgrade programs. @@ -609,7 +609,7 @@ This policy setting prevents users from using Windows Installer to install patch > [!NOTE] > This policy setting applies only to installations that run in the user's security context. -- If you disable or do not configure this policy setting, by default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs. +- If you disable or don't configure this policy setting, by default, users who aren't system administrators can't apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to patch elevated products" policy setting. @@ -668,11 +668,11 @@ Also, see the "Enable user to patch elevated products" policy setting. This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation. -If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete. +If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete. -This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential. +This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential. -This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder. +This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder. @@ -729,11 +729,11 @@ This policy setting appears in the Computer Configuration and User Configuration This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation. -If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete. +If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete. -This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential. +This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential. -This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder. +This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder. @@ -792,7 +792,7 @@ This policy setting controls the ability to turn off shared components. - If you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table. -- If you disable or do not configure this policy setting, by default, the shared component functionality is allowed. +- If you disable or don't configure this policy setting, by default, the shared component functionality is allowed. @@ -853,7 +853,7 @@ Non-administrator updates provide a mechanism for the author of an application t - If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications. -- If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates. +- If you disable or don't configure this policy setting, users without administrative privileges can install non-administrator updates. @@ -910,11 +910,11 @@ Non-administrator updates provide a mechanism for the author of an application t This policy setting controls the ability for users or administrators to remove Windows Installer based updates. -This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators. +This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed can't be removed by users or administrators. -- If you enable this policy setting, updates cannot be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product. +- If you enable this policy setting, updates can't be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that's no longer applicable to the product. -- If you disable or do not configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context." +- If you disable or don't configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context." @@ -971,9 +971,9 @@ This policy setting should be used if you need to maintain a tight control over This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. -- If you enable this policy setting, the Windows Installer does not generate System Restore checkpoints when installing applications. +- If you enable this policy setting, the Windows Installer doesn't generate System Restore checkpoints when installing applications. -- If you disable or do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application. +- If you disable or don't configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application. @@ -1030,7 +1030,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want. -- If you do not configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product. +- If you don't configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product. - If you enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile. @@ -1096,7 +1096,7 @@ This can also occur if you change the GUID of a component. The component identif (2) Add a new feature to the top or middle of an existing feature tree. The new feature must be added as a new leaf feature to an existing feature tree. -- If you disable or do not configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades. +- If you disable or don't configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades. @@ -1161,7 +1161,7 @@ If you set the baseline cache size to 0, the Windows Installer will stop populat If you set the baseline cache to 100, the Windows Installer will use available free space for the baseline file cache. -- If you disable or do not configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size. +- If you disable or don't configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size. @@ -1219,7 +1219,7 @@ This policy setting controls the ability to prevent embedded UI. - If you enable this policy setting, no packages on the system can run embedded UI. -- If you disable or do not configure this policy setting, embedded UI is allowed to run. +- If you disable or don't configure this policy setting, embedded UI is allowed to run. @@ -1280,7 +1280,7 @@ When you enable this policy setting, you can specify the types of events you wan To disable logging, delete all of the letters from the box. -If you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap." +If you disable or don't configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap." @@ -1336,7 +1336,7 @@ If you disable or do not configure this policy setting, Windows Installer logs t This policy setting allows Web-based programs to install software on the computer without notifying the user. -- If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. +- If you disable or don't configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. - If you enable this policy setting, the warning is suppressed and allows the installation to proceed. @@ -1397,7 +1397,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist This policy setting specifies the order in which Windows Installer searches for installation files. -- If you disable or do not configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL). +- If you disable or don't configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL). - If you enable this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want Windows Installer to search: @@ -1467,13 +1467,13 @@ Transform files consist of instructions to modify or customize a program during - If you enable this policy setting, the transform file is saved in a secure location on the user's computer. -- If you do not configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation. +- If you don't configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation. This policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files. - If you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile. -- If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or is not connected to the network. +- If you don't configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or isn't connected to the network. diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index 4095627d3a..e7fead69d7 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -45,18 +45,18 @@ Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the default recovery behavior on Windows server. -Troubleshooting Only: Detection and verification of file corruption will be performed without UI. Recovery is not attempted. +Troubleshooting Only: Detection and verification of file corruption will be performed without UI. Recovery isn't attempted. - If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. - If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. -- If you do not configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. +- If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh. > [!NOTE] -> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery won't be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index fae30f7ced..be96a03888 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -53,9 +53,9 @@ Important At least one of the entries must be a PING: resource. -- A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is "HTTP:" followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:https://myserver.corp.contoso.com/ or HTTP:https://2002:836b:1::1/. +- A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page don't matter. The syntax is "HTTP:" followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:https://myserver.corp.contoso.com/ or HTTP:https://2002:836b:1::1/. -- A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file do not matter. The syntax is "FILE:" followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. +- A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file don't matter. The syntax is "FILE:" followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. You must configure this setting to have complete NCA functionality. @@ -227,7 +227,7 @@ You must configure this setting to have complete NCA functionality. Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify "Contoso Intranet Access" for the DirectAccess clients of the Contoso Corporation. -If this setting is not configured, the string that appears for DirectAccess connectivity is "Corporate Connection". +If this setting isn't configured, the string that appears for DirectAccess connectivity is "Corporate Connection". @@ -283,16 +283,16 @@ If this setting is not configured, the string that appears for DirectAccess conn Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. -If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the [Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn593632(v=ws.11)) (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. +If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the [Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn593632(v=ws.11)) (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA doesn't remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. -The ability to disconnect allows users to specify single-label, unqualified names (such as "PRINTSVR") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet. +The ability to disconnect allows users to specify single-label, unqualified names (such as "PRINTSVR") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection hasn't correctly determined that the DirectAccess client computer is connected to its own intranet. To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. Note If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. -If this setting is not configured, users do not have Connect or Disconnect options. +If this setting isn't configured, users don't have Connect or Disconnect options. @@ -349,7 +349,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio Specifies whether NCA service runs in Passive Mode or not. -Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. +Set this to Disabled to keep NCA probing actively all the time. If this setting isn't configured, NCA probing is in active mode by default. @@ -408,7 +408,7 @@ Specifies whether an entry for DirectAccess connectivity appears when the user c Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. -If this setting is not configured, the entry for DirectAccess connectivity appears. +If this setting isn't configured, the entry for DirectAccess connectivity appears. diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index efd6152977..ccb12eb3e6 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -263,7 +263,7 @@ This policy setting enables you to specify the URL of the corporate website, aga -This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. +This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it's outside the network. @@ -319,7 +319,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit -This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. +This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it's currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 023bb78ff6..4b36e599a7 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -39,7 +39,7 @@ ms.topic: reference -This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. +This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address doesn't map to any configured site. Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client. @@ -51,7 +51,7 @@ The allowable values for this setting result in the following behaviors: To specify this behavior in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2. -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -105,7 +105,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. +This policy setting detremines the type of IP address that's returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior. @@ -113,7 +113,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica - If you disable this policy setting, DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses, DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address, then DC Locator APIs will fail. -- If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. +- If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. @@ -168,13 +168,13 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica -This policy setting specifies whether the computers to which this setting is applied attemps DNS name resolution of single-lablel domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. +This policy setting specifies whether the computers to which this setting is applied attemps DNS name resolution of single-lablel domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the AllowSingleLabelDnsDomain policy setting is enabled. By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled. -- If you enable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name is not used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails. +- If you enable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails. -- If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest. +- If you disable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest. @@ -229,15 +229,15 @@ By default, when no setting is specified for this policy, the behavior is the sa -This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. +This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier aren't as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. -By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller. +By default, Net Logon won't allow the older cryptography algorithms to be used and won't include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 won't be able to establish a connection to this domain controller. - If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk. -- If you disable this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms. +- If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. -- If you do not configure this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms. +- If you don't configure this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. @@ -298,9 +298,9 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A - If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. -- If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it is not disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. +- If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers won't the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. -- If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. +- If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -355,13 +355,13 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A -This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. - If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists. -- If you disable this policy setting, the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own. +- If you disable this policy setting, the DCs won't register site-specific DC Locator DNS SRV records for any other sites but their own. -- If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +- If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -418,11 +418,11 @@ This policy setting determines whether domain controllers (DC) will dynamically This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. -NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended. +NetBIOS-based discovery uses a WINS server and mailslot messages but doesn't use site information. Hence it doesn't ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery isn't recommended. -Note that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. +Note that this policy setting doesn't affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. -- If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. +- If you enable or don't configure this policy setting, the DC location algorithm doesn't use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. - If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails. @@ -481,13 +481,13 @@ Note that this policy setting does not affect NetBIOS-based discovery for DC loc This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. -Contacting the PDC emulator is useful in case the client's password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. +Contacting the PDC emulator is useful in case the client's password was recently changed and didn't propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. - If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password. -- If you disable this policy setting, the DCs will not attempt to verify any passwords with the PDC emulator. +- If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator. -- If you do not configure this policy setting, it is not applied to any DCs. +- If you don't configure this policy setting, it isn't applied to any DCs. @@ -551,7 +551,7 @@ This setting is relevant only to those callers of DsGetDcName that have specifie If the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used. > [!WARNING] -> If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive. +> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC isn't available, the traffic caused by periodic DC discoveries may be excessive. @@ -616,7 +616,7 @@ If the value for this setting is smaller than the value specified for the Initia > [!WARNING] > If the value for this setting is too large, a client may take very long periods to try to find a DC. -If the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic. +If the value for this setting is too small and the DC isn't available, the frequent retries may produce excessive network traffic. @@ -729,7 +729,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu -This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). +This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it's applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that isn't treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). @@ -791,7 +791,7 @@ The Net Logon service outputs debug information to the log file netlogon.log in If you specify zero for this policy setting, the default behavior occurs as described above. -- If you disable this policy setting or do not configure it, the default behavior occurs as described above. +- If you disable this policy setting or don't configure it, the default behavior occurs as described above. @@ -931,14 +931,14 @@ This policy setting determines which DC Locator DNS records aren't registered by This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. -DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records' data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database. +DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records' data hasn't changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database. > [!WARNING] > If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records. To specify the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes). -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1002,7 +1002,7 @@ If not configured, domain controllers will default to using their local configur The default local configuration is enabled. -A reboot is not required for changes to this setting to take effect. +A reboot isn't required for changes to this setting to take effect. More information is available at @@ -1059,11 +1059,11 @@ More information is available at -This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC). +This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they're used to locate the domain controller (DC). To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes). -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1121,7 +1121,7 @@ This policy setting specifies the additional time for the computer to wait for t To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute). -If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. +If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -1183,7 +1183,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do - If you disable this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval. -- If you do not configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value. +- If you don't configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value. @@ -1239,11 +1239,11 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. -The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. +The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. To specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter the sites' names in a space-delimited format. -If you do not configure this policy setting, it is not applied to any GCs, and GCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any GCs, and GCs use their local configuration. @@ -1300,13 +1300,13 @@ If you do not configure this policy setting, it is not applied to any GCs, and G This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). > [!NOTE] -> To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. +> To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that's configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. -This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. +This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name isn't required. This policy setting doesn't affect DC location based on DNS names. -- If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location. +- If you enable this policy setting, this DC doesn't process incoming mailslot messages that are used for NetBIOS domain name based DC location. -- If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator. +- If you disable or don't configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator. @@ -1367,7 +1367,7 @@ The Priority field in the SRV record sets the preference for target hosts (speci To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535. -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1421,13 +1421,13 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535. -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1487,7 +1487,7 @@ By default, the maximum size of the log file is 20MB. - If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified. -- If you disable or do not configure this policy setting, the default behavior occurs as indicated above. +- If you disable or don't configure this policy setting, the default behavior occurs as indicated above. @@ -1543,11 +1543,11 @@ By default, the maximum size of the log file is 20MB. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. -The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. +The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space-delimited format. -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1601,12 +1601,12 @@ If you do not configure this policy setting, it is not applied to any DCs, and D -This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. +This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) couldn't be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0. > [!WARNING] -> If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available. +> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available. @@ -1664,7 +1664,7 @@ This policy setting controls whether or not the Netlogon share created by the Ne - If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. -- If you disable or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission. +- If you disable or don't configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission. By default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested. @@ -1726,9 +1726,9 @@ By default, the Netlogon share will grant shared read access to files on the sha -This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. +This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that don't periodically attempt to locate DCs, and it's applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that haven't specified the DS_BACKGROUND_ONLY flag. -The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0). +The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that isn't treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0). @@ -1793,7 +1793,7 @@ The allowable values for this setting result in the following behaviors: To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2. -If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. +If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -1851,7 +1851,7 @@ This policy setting determines the interval at which Netlogon performs the follo - Checks if a password on a secure channel needs to be modified, and modifies it if necessary. -- On the domain controllers (DC), discovers a DC that has not been discovered. +- On the domain controllers (DC), discovers a DC that hasn't been discovered. - On the PDC, attempts to add the ``[1B] NetBIOS name if it hasn't already been successfully added. @@ -1913,11 +1913,11 @@ To enable the setting, click Enabled, and then specify the interval in seconds. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. -The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. +The DC Locator DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in a space-delimited format. -If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. @@ -1975,9 +1975,9 @@ This policy setting specifies the Active Directory site to which computers belon An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. -To specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory. +To specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs isn't specified, the computer automatically discovers its site from Active Directory. -If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. +If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -2097,15 +2097,15 @@ If you enable this policy setting, domain administrators should ensure that the -This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. +This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site isn't found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. - If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer. -- If you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored. +- If you disable this policy setting, Try Next Closest Site DC Location won't be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored. -- If you do not configure this policy setting, Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used. +- If you don't configure this policy setting, Try Next Closest Site DC Location won't be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used. @@ -2164,9 +2164,9 @@ This policy setting determines if dynamic registration of the domain controller - If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. -- If you disable this policy setting, DCs will not register DC Locator DNS resource records. +- If you disable this policy setting, DCs won't register DC Locator DNS resource records. -- If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. +- If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration. diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index fe84c32ea0..74731224b1 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -41,12 +41,12 @@ ms.topic: reference Determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators aren't permitted to access network components in the Windows Components Wizard. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard. +- If you disable this setting or don't configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard. The Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button). @@ -118,9 +118,9 @@ The Advanced Settings item lets users view and change bindings and view and chan - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators. +- If you disable this setting or don't configure it, the Advanced Settings item is enabled for administrators. > [!NOTE] > Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting. @@ -180,24 +180,24 @@ The Advanced Settings item lets users view and change bindings and view and chan Determines whether users can configure advanced TCP/IP settings. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users can't open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. - If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box. > [!NOTE] -> This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration. +> This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users can't gain access to the Advanced button for TCP/IP configuration. > [!NOTE] -> Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting. +> Nonadministrators (excluding Network Configuration Operators) don't have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting. > [!TIP] > To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button. > [!NOTE] -> Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off. +> Changing this setting from Enabled to Not Configured doesn't enable the Advanced button until the user logs off. @@ -254,12 +254,12 @@ Determines whether users can configure advanced TCP/IP settings. Determines whether administrators can enable and disable the components used by LAN connections. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators can't enable or disable the components that a connection uses. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component. +- If you disable this setting or don't configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component. > [!NOTE] > When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection. @@ -326,21 +326,21 @@ To create an all-user remote access connection, on the Connection Availability p - If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection. -- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.) +- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.) > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections. +- If you don't configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections. > [!IMPORTANT] -> When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored. +> When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) can't delete any remote access connections, and this setting is ignored. > [!NOTE] -> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection. +> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -397,21 +397,21 @@ To create an all-user remote access connection, on the Connection Availability p Determines whether users can delete remote access connections. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.) +- If you disable this setting or don't configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.) > [!IMPORTANT] -> When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored. +> When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users can't delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored. > [!NOTE] -> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection. +> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -473,9 +473,9 @@ The Remote Access Preferences item lets users create and change connections befo - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users. +- If you disable this setting or don't configure it, the Remote Access Preferences item is enabled for all users. @@ -534,7 +534,7 @@ Specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. -If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only. +If you disable this setting or don't configure it, the "local access only" icon will be used when a user is connected to a network with local access only. @@ -593,11 +593,11 @@ Determines whether settings that existed in Windows 2000 Server family will appl The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. -By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators. +By default, Network Connections group settings in Windows XP Professional don't have the ability to prohibit the use of features from Administrators. - If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators. -- If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators. +- If you disable this setting or don't configure it, Windows XP settings that existed in Windows 2000 won't apply to administrators. > [!NOTE] > This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers. @@ -661,9 +661,9 @@ When a remote client computer connects to an internal network using DirectAccess - If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network. -- If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. +- If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet isn't routed through the internal network. -- If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. +- If you don't configure this policy setting, traffic between remote client computers running DirectAccess and the Internet isn't routed through the internal network. @@ -717,11 +717,11 @@ When a remote client computer connects to an internal network using DirectAccess -This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. +This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server couldn't be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. -- If you enable this policy setting, this condition will not be reported as an error to the user. +- If you enable this policy setting, this condition won't be reported as an error to the user. -- If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved. +- If you disable or don't configure this policy setting, a DHCP-configured connection that hasn't been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved. @@ -783,14 +783,14 @@ This setting determines whether the Properties button for components of a LAN co - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting doesn't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators. +- If you disable this setting or don't configure it, the Properties button is enabled for administrators and Network Configuration Operators. The Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list. > [!NOTE] -> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled. +> Not all network components have configurable properties. For components that aren't configurable, the Properties button is always disabled. > [!NOTE] > When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components. @@ -861,9 +861,9 @@ Determines whether users can enable/disable LAN connections. - If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections. +- If you don't configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections. > [!NOTE] > Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled. @@ -925,12 +925,12 @@ Determines whether users can change the properties of a LAN connection. This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users can't open the Local Area Connection Properties dialog box. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu. +- If you disable this setting or don't configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu. > [!NOTE] > This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. @@ -995,18 +995,18 @@ This setting determines whether the Properties menu item is enabled, and thus, w Determines whether users can use the New Connection Wizard, which creates new network connections. -- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard. +- If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon doesn't appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) can't start the New Connection Wizard. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard. +- If you disable this setting or don't configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard. > [!NOTE] -> Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed. +> Changing this setting from Enabled to Not Configured doesn't restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon doesn't appear or disappear in the Network Connections folder until the folder is refreshed. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1066,16 +1066,16 @@ Prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer. > [!IMPORTANT] -> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. +> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply. The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats. -- If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled. +- If you enable this setting, Internet Connection Firewall can't be enabled or configured by users (including administrators), and the Internet Connection Firewall service can't run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall isn't enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled. > [!NOTE] > If you enable the "Windows Firewall: Protect all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall when you install Windows XP Service Pack 2. -- If you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled. +- If you disable this setting or don't configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled. @@ -1138,19 +1138,19 @@ This setting determines whether the Properties menu item is enabled, and thus, w - If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu. -- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box. +- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) can't open the remote access connection properties dialog box. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections. +- If you don't configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections. > [!NOTE] > This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. - If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1212,20 +1212,20 @@ This setting determines whether the Properties button for components used by a p - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting doesn't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Properties button is enabled for all users. +- If you disable this setting or don't configure it, the Properties button is enabled for all users. The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list. > [!NOTE] -> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled. +> Not all network components have configurable properties. For components that aren't configurable, the Properties button is always disabled. > [!NOTE] > When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1285,9 +1285,9 @@ Determines whether users can connect and disconnect remote access connections. - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. +- If you disable this setting or don't configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. @@ -1351,9 +1351,9 @@ This setting determines whether the Properties menu item is enabled, and thus, w - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu. +- If you disable this setting or don't configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu. > [!NOTE] > This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. @@ -1361,7 +1361,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w - If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1424,16 +1424,16 @@ To create an all-user connection, on the Connection Availability page in the New - If you disable this setting, the Rename option is disabled for nonadministrators only. -- If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections. +- If you don't configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections. > [!NOTE] -> This setting does not apply to Administrators +> This setting doesn't apply to Administrators > [!NOTE] -> When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply. +> When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting doesn't apply. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1495,15 +1495,15 @@ Determines whether users can rename LAN or all user remote access connections. - If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -If this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections. +If this setting isn't configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections. > [!NOTE] > When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" settings. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to rename remote access connections. @@ -1564,13 +1564,13 @@ Determines whether nonadministrators can rename a LAN connection. - If you disable this setting, the Rename option is disabled for nonadministrators only. -- If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections +- If you don't configure this setting, only Administrators and Network Configuration Operators can rename LAN connections > [!NOTE] -> This setting does not apply to Administrators. +> This setting doesn't apply to Administrators. > [!NOTE] -> When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply. +> When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting doesn't apply. @@ -1632,12 +1632,12 @@ Private connections are those that are available only to one user. To create a p - If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators). > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu. +- If you disable this setting or don't configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu. > [!NOTE] -> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. @@ -1696,9 +1696,9 @@ Determines whether administrators can enable and configure the Internet Connecti ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network. -- If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. +- If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -- If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) +- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. @@ -1712,7 +1712,7 @@ By default, ICS is disabled when you create a remote access connection, but admi > Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting. > [!NOTE] -> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. +> Disabling this setting doesn't prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. @@ -1771,12 +1771,12 @@ Determines whether users can view the status for an active connection. Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection. -- If you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box. +- If you enable this setting, the connection status taskbar icon and Status dialog box aren't available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users can't choose to show the connection icon in the taskbar from the Connection Properties dialog box. > [!IMPORTANT] -> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. +> If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to all users. +- If you disable this setting or don't configure it, the connection status taskbar icon and Status dialog box are available to all users. @@ -1835,7 +1835,7 @@ This policy setting determines whether to require domain users to elevate when s - If you enable this policy setting, domain users must elevate when setting a network's location. -- If you disable or do not configure this policy setting, domain users can set a network's location without elevating. +- If you disable or don't configure this policy setting, domain users can set a network's location without elevating. diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index e3f32a88f3..3bf4a9faf6 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -41,11 +41,11 @@ ms.topic: reference Makes subfolders available offline whenever their parent folder is made available offline. -This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders. +This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users don't have the option of excluding subfolders. -- If you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized. +- If you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that's available offline are made available offline when the parent folder is synchronized. -- If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline. +- If you disable this setting or don't configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline. @@ -106,7 +106,7 @@ This policy setting lists network files and folders that are always available fo - If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). -- If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy. +- If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use. @@ -169,7 +169,7 @@ This policy setting lists network files and folders that are always available fo - If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). -- If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy. +- If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy. > [!NOTE] > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use. @@ -232,7 +232,7 @@ This policy setting controls when background synchronization occurs while operat You can also configure Background Sync for network shares that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. When selected, all configured settings will apply to shares in user selected Work Offline mode as well. -- If you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes. +- If you disable or don't configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes. @@ -295,13 +295,13 @@ This setting also disables the ability to adjust, through the Offline Files cont - If you disable this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit. -- If you do not configure this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit. However, the users can change these values using the Offline Files control applet. +- If you don't configure this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit. However, the users can change these values using the Offline Files control applet. -- If you enable this setting and specify a total size limit greater than the size of the drive hosting the Offline Files cache, and that drive is the system drive, the total size limit is automatically adjusted downward to 75 percent of the size of the drive. If the cache is located on a drive other than the system drive, the limit is automatically adjusted downward to 100 percent of the size of the drive. +- If you enable this setting and specify a total size limit greater than the size of the drive hosting the Offline Files cache, and that drive is the system drive, the total size limit's automatically adjusted downward to 75 percent of the size of the drive. If the cache is located on a drive other than the system drive, the limit's automatically adjusted downward to 100 percent of the size of the drive. -- If you enable this setting and specify a total size limit less than the amount of space currently used by the Offline Files cache, the total size limit is automatically adjusted upward to the amount of space currently used by offline files. The cache is then considered full. +- If you enable this setting and specify a total size limit less than the amount of space currently used by the Offline Files cache, the total size limit's automatically adjusted upward to the amount of space currently used by offline files. The cache is then considered full. -- If you enable this setting and specify an auto-cached space limit greater than the total size limit, the auto-cached limit is automatically adjusted downward to equal the total size limit. +- If you enable this setting and specify an auto-cached space limit greater than the total size limit, the auto-cached limit's automatically adjusted downward to equal the total size limit. This setting replaces the Default Cache Size setting used by pre-Windows Vista systems. @@ -357,11 +357,11 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s -Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. +Determines how computers respond when they're disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. -To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they are disconnected from this server, or type "1" if they cannot. +To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they cannot. -This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting doesn't prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. > [!TIP] > To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting corresponds to the settings in the "Exception list" section. @@ -418,11 +418,11 @@ This setting appears in the Computer Configuration and User Configuration folder -Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. +Determines how computers respond when they're disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. -To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they are disconnected from this server, or type "1" if they cannot. +To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they cannot. -This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting doesn't prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. > [!TIP] > To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting corresponds to the settings in the "Exception list" section. @@ -485,13 +485,13 @@ This setting also disables the "Amount of disk space to use for temporary offlin Automatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of the file on the user's computer. -This setting does not limit the disk space available for files that user's make available offline manually. +This setting doesn't limit the disk space available for files that user's make available offline manually. - If you enable this setting, you can specify an automatic-cache disk space limit. - If you disable this setting, the system limits the space that automatically cached files occupy to 10 percent of the space on the system drive. -- If you do not configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it. +- If you don't configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it. > [!TIP] > To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "Amount of disk space to use for temporary offline files" option. @@ -548,16 +548,16 @@ This setting does not limit the disk space available for files that user's make -This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network. +This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer isn't connected to the network. -- If you enable this policy setting, Offline Files is enabled and users cannot disable it. +- If you enable this policy setting, Offline Files is enabled and users can't disable it. -- If you disable this policy setting, Offline Files is disabled and users cannot enable it. +- If you disable this policy setting, Offline Files is disabled and users can't enable it. -- If you do not configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user. +- If you don't configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user. > [!NOTE] -> Changes to this policy setting do not take effect until the affected computer is restarted. +> Changes to this policy setting don't take effect until the affected computer is restarted. @@ -616,11 +616,11 @@ This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions. -- If you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface. +- If you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user can't unencrypt Offline Files through the user interface. -- If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface. +- If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user can't encrypt Offline Files through the user interface. -- If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. +- If you don't configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it's fully encrypted. The cache doesn't return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. > [!NOTE] > By default, this cache is protected on NTFS partitions by ACLs. @@ -822,7 +822,7 @@ This policy setting enables administrators to block certain file types from bein - If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline. -- If you disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline. +- If you disable or don't configure this policy setting, a user can create a file of any type in the folders that have been made available offline. @@ -876,11 +876,11 @@ This policy setting enables administrators to block certain file types from bein -Lists types of files that cannot be used offline. +Lists types of files that can't be used offline. -This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." +This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline." -This setting is designed to protect files that cannot be separated, such as database components. +This setting is designed to protect files that can't be separated, such as database components. To use this setting, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a semicolon (;). @@ -947,11 +947,11 @@ This setting also disables the "When a network connection is lost" option on the - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indicates that network files are not available while the server is inaccessible. +- "Never go offline" indicates that network files aren't available while the server is inaccessible. - If you disable this setting or select the "Work offline" option, users can work offline if disconnected. -- If you do not configure this setting, users can work offline by default, but they can change this option. +- If you don't configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -1020,11 +1020,11 @@ This setting also disables the "When a network connection is lost" option on the - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indicates that network files are not available while the server is inaccessible. +- "Never go offline" indicates that network files aren't available while the server is inaccessible. - If you disable this setting or select the "Work offline" option, users can work offline if disconnected. -- If you do not configure this setting, users can work offline by default, but they can change this option. +- If you don't configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -1087,9 +1087,9 @@ Also, see the "Non-default server disconnect actions" setting. Disables the Offline Files folder. -This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. +This setting disables the "View Files" button on the Offline Files tab. As a result, users can't use the Offline Files folder to view or open copies of network files stored on their computer. Also, they can't use the folder to view characteristics of offline files, such as their server status, type, or location. -This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files. +This setting doesn't prevent users from working offline or from saving local copies of files available offline. Also, it doesn't prevent them from using other programs, such as Windows Explorer, to view their offline files. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -1151,9 +1151,9 @@ This setting appears in the Computer Configuration and User Configuration folder Disables the Offline Files folder. -This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. +This setting disables the "View Files" button on the Offline Files tab. As a result, users can't use the Offline Files folder to view or open copies of network files stored on their computer. Also, they can't use the folder to view characteristics of offline files, such as their server status, type, or location. -This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files. +This setting doesn't prevent users from working offline or from saving local copies of files available offline. Also, it doesn't prevent them from using other programs, such as Windows Explorer, to view their offline files. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -1215,14 +1215,14 @@ This setting appears in the Computer Configuration and User Configuration folder Prevents users from enabling, disabling, or changing the configuration of Offline Files. -This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. +This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users can't view or change the options on the Offline Files tab or Offline Files dialog box. This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder. +> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You don't have to disable any other settings in this folder. @@ -1279,14 +1279,14 @@ This setting appears in the Computer Configuration and User Configuration folder Prevents users from enabling, disabling, or changing the configuration of Offline Files. -This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. +This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users can't view or change the options on the Offline Files tab or Offline Files dialog box. This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder. +> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You don't have to disable any other settings in this folder. @@ -1343,9 +1343,9 @@ This setting appears in the Computer Configuration and User Configuration folder This policy setting prevents users from making network files and folders available offline. -- If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. +- If you enable this policy setting, users can't designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. -- If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline. +- If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline. Note: @@ -1408,9 +1408,9 @@ The "Make Available Offline" command is called "Always available offline" on com This policy setting prevents users from making network files and folders available offline. -- If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. +- If you enable this policy setting, users can't designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. -- If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline. +- If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline. Note: @@ -1473,11 +1473,11 @@ The "Make Available Offline" command is called "Always available offline" on com This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. -- If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. +- If you enable this policy setting, the "Make Available Offline" command isn't available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. - If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders. -- If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders. +- If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders. Note: @@ -1485,7 +1485,7 @@ This policy setting appears in the Computer Configuration and User Configuration The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. +This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. @@ -1543,11 +1543,11 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. -- If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. +- If you enable this policy setting, the "Make Available Offline" command isn't available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. - If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders. -- If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders. +- If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders. Note: @@ -1555,7 +1555,7 @@ This policy setting appears in the Computer Configuration and User Configuration The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. +This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. @@ -1613,13 +1613,13 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this Hides or displays reminder balloons, and prevents users from changing the setting. -Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. +Reminder balloons appear above the Offline Files icon in the notification area to notify users when they've lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. -If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. +If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab @@ -1683,13 +1683,13 @@ This setting appears in the Computer Configuration and User Configuration folder Hides or displays reminder balloons, and prevents users from changing the setting. -Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. +Reminder balloons appear above the Offline Files icon in the notification area to notify users when they've lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. -If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. +If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab @@ -1753,13 +1753,13 @@ This setting appears in the Computer Configuration and User Configuration folder This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links. -The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads. +The cached files are temporary and aren't available to the user when offline. The cached files aren't kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads. -This policy setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached. +This policy setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads to remote files won't be cached. - If you enable this policy setting, transparent caching is enabled and configurable. -- If you disable or do not configure this policy setting, remote files will be not be transparently cached on client computers. +- If you disable or don't configure this policy setting, remote files will be not be transparently cached on client computers. @@ -1815,12 +1815,12 @@ This policy setting is triggered by the configured round trip network latency va Deletes local copies of the user's offline files when the user logs off. -This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files. +This setting specifies that automatically and manually cached offline files are retained only while the user is logged-on to the computer. When the user logs off, the system deletes all local copies of offline files. -If you disable this setting or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use. +If you disable this setting or don't configure it, automatically and manually cached copies are retained on the user's computer for later offline use. > [!CAUTION] -> Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost. +> Files aren't synchronized before they're deleted. Any changes to local files since the last synchronization are lost. @@ -1877,7 +1877,7 @@ If you disable this setting or do not configure it, automatically and manually c This policy setting allows you to turn on economical application of administratively assigned Offline Files. -- If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later. +- If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later. - If you disable this policy setting, all administratively assigned folders are synchronized at logon. @@ -1938,7 +1938,7 @@ Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2001,7 +2001,7 @@ Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2062,7 +2062,7 @@ This setting appears in the Computer Configuration and User Configuration folder Determines how long the first reminder balloon for a network status change is displayed. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2120,7 +2120,7 @@ This setting appears in the Computer Configuration and User Configuration folder Determines how long the first reminder balloon for a network status change is displayed. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2178,7 +2178,7 @@ This setting appears in the Computer Configuration and User Configuration folder Determines how long updated reminder balloons are displayed. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2236,7 +2236,7 @@ This setting appears in the Computer Configuration and User Configuration folder Determines how long updated reminder balloons are displayed. -Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. +Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2292,13 +2292,13 @@ This setting appears in the Computer Configuration and User Configuration folder -This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. +This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data isn't degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. - If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter. -You can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you do not specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 will not use the slow-link mode. +You can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you don't specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 won't use the slow-link mode. -- If you do not configure this policy setting, computers running Windows Vista or Windows Server 2008 will not transition a shared folder to the slow-link mode. Computers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip network latency. +- If you don't configure this policy setting, computers running Windows Vista or Windows Server 2008 won't transition a shared folder to the slow-link mode. Computers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip network latency. In Windows Vista or Windows Server 2008, once transitioned to slow-link mode, users will continue to operate in slow-link mode until the user clicks the Work Online button on the toolbar in Windows Explorer. Data will only be synchronized to the server if the user manually initiates synchronization by using Sync Center. @@ -2306,7 +2306,7 @@ In Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012, when ope In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep users always working offline in slow-link mode. -- If you disable this policy setting, computers will not use the slow-link mode. +- If you disable this policy setting, computers won't use the slow-link mode. @@ -2363,7 +2363,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow. -When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected. +When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and won't automatically reconnect to a server when the presence of a server is detected. - If you enable this setting, you can configure the threshold value that will be used to determine a slow network connection. @@ -2430,9 +2430,9 @@ This setting also disables the "Synchronize all offline files before logging off - If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current. -- If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current. +- If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but doesn't ensure that they're current. -- If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option. +- If you don't configure this setting, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2498,9 +2498,9 @@ This setting also disables the "Synchronize all offline files before logging off - If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current. -- If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current. +- If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but doesn't ensure that they're current. -- If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option. +- If you don't configure this setting, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2566,9 +2566,9 @@ This setting also disables the "Synchronize all offline files before logging on" - If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. -- If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. +- If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current. -- If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option. +- If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2634,9 +2634,9 @@ This setting also disables the "Synchronize all offline files before logging on" - If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. -- If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. +- If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current. -- If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option. +- If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2700,10 +2700,10 @@ Determines whether offline files are synchonized before a computer is suspended. - If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. -- If you disable or do not configuring this setting, files are not synchronized when the computer is suspended. +- If you disable or don't configuring this setting, files aren't synchronized when the computer is suspended. > [!NOTE] -> If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed. +> If the computer is suspended by closing the display on a portable computer, files aren't synchronized. If multiple users are logged-on to the computer at the time the computer is suspended, a synchronization isn't performed. @@ -2761,10 +2761,10 @@ Determines whether offline files are synchonized before a computer is suspended. - If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. -- If you disable or do not configuring this setting, files are not synchronized when the computer is suspended. +- If you disable or don't configuring this setting, files aren't synchronized when the computer is suspended. > [!NOTE] -> If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed. +> If the computer is suspended by closing the display on a portable computer, files aren't synchronized. If multiple users are logged-on to the computer at the time the computer is suspended, a synchronization isn't performed. @@ -2822,7 +2822,7 @@ This policy setting determines whether offline files are synchronized in the bac - If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans. -- If this setting is disabled or not configured, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage. +- If this setting is disabled or not configured, synchronization won't run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage. @@ -2879,9 +2879,9 @@ This policy setting determines whether offline files are synchronized in the bac This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. -- If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. +- If you enable this policy setting, the "Work offline" command isn't displayed in File Explorer. -- If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer. +- If you disable or don't configure this policy setting, the "Work offline" command is displayed in File Explorer. @@ -2938,9 +2938,9 @@ This policy setting removes the "Work offline" command from Explorer, preventing This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. -- If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. +- If you enable this policy setting, the "Work offline" command isn't displayed in File Explorer. -- If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer. +- If you disable or don't configure this policy setting, the "Work offline" command is displayed in File Explorer. diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 99b3a2e0d2..8ab572b025 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -39,7 +39,7 @@ ms.topic: reference -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -93,7 +93,7 @@ This setting exists only for backward compatibility, and is not valid for this v -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -148,7 +148,7 @@ This setting exists only for backward compatibility, and is not valid for this v -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -203,7 +203,7 @@ This setting exists only for backward compatibility, and is not valid for this v -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -257,7 +257,7 @@ This setting exists only for backward compatibility, and is not valid for this v -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -312,7 +312,7 @@ This setting exists only for backward compatibility, and is not valid for this v -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -371,9 +371,9 @@ This policy setting configures the Program Compatibility Assistant (PCA) to diag - If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. -- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers. +- If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers. -- If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. +- If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. > [!NOTE] > This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index f6c7dbe50e..bcc762bc18 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -51,7 +51,7 @@ Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied. @@ -120,7 +120,7 @@ Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied. @@ -183,13 +183,13 @@ Select one of the following: This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. -When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. +When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that's located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied. @@ -197,9 +197,9 @@ Select one of the following: In circumstances where this setting is enabled, you can also select and configure the following option: -- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate. +- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that's specified in the server certificate. -Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers. +Hosted cache clients must trust the server certificate that's issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers. * This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. @@ -257,29 +257,29 @@ Hosted cache clients must trust the server certificate that is issued to the hos This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies. -If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy. +If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they don't detect hosted cache servers, hosted cache mode isn't turned on, and the client uses any other configuration that's specified manually or by Group Policy. -When this policy setting is applied, the client computer performs or does not perform automatic hosted cache server discovery under the following circumstances: +When this policy setting is applied, the client computer performs or doesn't perform automatic hosted cache server discovery under the following circumstances: If no other BranchCache mode-based policy settings are applied, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode. If the policy setting "Set BranchCache Distributed Cache Mode" is applied in addition to this policy, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers are found, the client computer self-configures for hosted cache mode only. -If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer does not perform automatic hosted cache discovery. This is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied. +If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer doesn't perform automatic hosted cache discovery. This is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied. This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. -If you disable, or do not configure this setting, a client will not attempt to discover hosted cache servers by service connection point. +If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting, and client computers do not perform hosted cache server discovery. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting, and client computers don't perform hosted cache server discovery. - Enabled. With this selection, the policy setting is applied to client computers, which perform automatic hosted cache server discovery and which are configured as hosted cache mode clients. -- Disabled. With this selection, this policy is not applied to client computers. +- Disabled. With this selection, this policy isn't applied to client computers. @@ -338,19 +338,19 @@ This policy setting specifies whether client computers are configured to use hos - If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. -This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and do not use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode." +This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that's configured in the policy setting "Set BranchCache Hosted Cache Mode." -- If you do not configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. +- If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. +- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. - Enabled. With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers." -- Disabled. With this selection, this policy is not applied to client computers. +- Disabled. With this selection, this policy isn't applied to client computers. In circumstances where this setting is enabled, you can also select and configure the following option: @@ -408,13 +408,13 @@ In circumstances where this setting is enabled, you can also select and configur -This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. +This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the latency setting that you use on individual client computers. +- Not Configured. With this selection, BranchCache latency settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the latency setting that you use on individual client computers. - Enabled. With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -476,17 +476,17 @@ In circumstances where this policy setting is enabled, you can also select and c -This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers. +This policy setting specifies the default percentage of total disk space that's allocated for the BranchCache disk cache on client computers. - If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache. -- If you disable or do not configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer. +- If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache setting that you use on individual client computers. +- Not Configured. With this selection, BranchCache client computer cache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache setting that you use on individual client computers. - Enabled. With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -494,7 +494,7 @@ Select one of the following: In circumstances where this setting is enabled, you can also select and configure the following option: -- Specify the percentage of total disk space allocated for the cache. Specifies an integer that is the percentage of total client computer disk space to use for the BranchCache client computer cache. +- Specify the percentage of total disk space allocated for the cache. Specifies an integer that's the percentage of total client computer disk space to use for the BranchCache client computer cache. * This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. @@ -554,13 +554,13 @@ This policy setting specifies the default age in days for which segments are val - If you enable this policy setting, you can configure the age for segments in the data cache. -- If you disable or do not configure this policy setting, the age is set to 28 days. +- If you disable or don't configure this policy setting, the age is set to 28 days. Policy configuration Select one of the following: -- Not Configured. With this selection, BranchCache client computer cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age setting that you use on individual client computers. +- Not Configured. With this selection, BranchCache client computer cache age settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache age setting that you use on individual client computers. - Enabled. With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -622,29 +622,29 @@ In circumstances where this setting is enabled, you can also select and configur -This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. +This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers don't use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. - If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." -- If you do not configure this setting, all clients will use the version of BranchCache that matches their operating system. +- If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system. Policy configuration Select one of the following: -- Not Configured. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system. +- Not Configured. With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that's included with their operating system. - Enabled. With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify. -- Disabled. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system. +- Disabled. With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that's included with their operating system. In circumstances where this setting is enabled, you can also select and configure the following option: Select from the following versions -- Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Windows run the version of BranchCache that is included in these operating systems rather than later versions of BranchCache. +- Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Windows run the version of BranchCache that's included in these operating systems rather than later versions of BranchCache. -- Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is included in the operating system. +- Windows 8. If you select this version, Windows 8 will run the version of BranchCache that's included in the operating system. diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 1cf7214812..71da7af9ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -41,9 +41,9 @@ ms.topic: reference Turns off Tablet PC Pen Training. -- If you enable this policy setting, users cannot open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. -- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. +- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. @@ -100,9 +100,9 @@ Turns off Tablet PC Pen Training. Turns off Tablet PC Pen Training. -- If you enable this policy setting, users cannot open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. -- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. +- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 61c64683a5..b303966a84 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -43,15 +43,15 @@ Determines the execution level for Windows Boot Performance Diagnostics. - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default. +- If you don't configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -110,15 +110,15 @@ Determines the execution level for Windows System Responsiveness Diagnostics. - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows System Responsiveness problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows System Responsiveness problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows System Responsiveness problems that are handled by the DPS. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows System Responsiveness problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default. +- If you don't configure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -177,15 +177,15 @@ Determines the execution level for Windows Shutdown Performance Diagnostics. - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default. +- If you don't configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -244,15 +244,15 @@ Determines the execution level for Windows Standby/Resume Performance Diagnostic - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default. +- If you don't configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index ffb2af3fa0..1aed06c040 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -43,9 +43,9 @@ This policy setting allows you to control the network connectivity state in stan - If you enable this policy setting, network connectivity will be maintained in standby. -- If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. +- If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. -- If you do not configure this policy setting, users control this setting. +- If you don't configure this policy setting, users control this setting. @@ -104,7 +104,7 @@ This policy setting allows you to turn on the ability for applications and servi - If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -167,7 +167,7 @@ This policy setting specifies the action that Windows takes when a user presses -Hibernate -Shut down -- If you disable this policy or do not configure this policy setting, users control this setting. +- If you disable this policy or don't configure this policy setting, users control this setting. @@ -225,7 +225,7 @@ This policy setting allows applications and services to prevent automatic sleep. - If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. -- If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. +- If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. @@ -284,7 +284,7 @@ This policy setting allows applications and services to prevent automatic sleep. - If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. -- If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. +- If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. @@ -343,7 +343,7 @@ This policy setting allows you to manage automatic sleep with open network files - If you enable this policy setting, the computer automatically sleeps when network files are open. -- If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. +- If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open. @@ -402,7 +402,7 @@ This policy setting allows you to manage automatic sleep with open network files - If you enable this policy setting, the computer automatically sleeps when network files are open. -- If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. +- If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open. @@ -461,7 +461,7 @@ This policy setting specifies the active power plan from a specified power plan' - If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active. -- If you disable or do not configure this policy setting, users can see and change this setting. +- If you disable or don't configure this policy setting, users can see and change this setting. @@ -524,7 +524,7 @@ This policy setting specifies the action that Windows takes when battery capacit -Hibernate -Shut down -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -587,7 +587,7 @@ This policy setting specifies the action that Windows takes when battery capacit -Hibernate -Shut down -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -645,9 +645,9 @@ This policy setting specifies the percentage of battery capacity remaining that - If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification. -To set the action that is triggered, see the "Critical Battery Notification Action" policy setting. +To set the action that's triggered, see the "Critical Battery Notification Action" policy setting. -- If you disable this policy setting or do not configure it, users control this setting. +- If you disable this policy setting or don't configure it, users control this setting. @@ -705,9 +705,9 @@ This policy setting specifies the percentage of battery capacity remaining that - If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification. -To set the action that is triggered, see the "Low Battery Notification Action" policy setting. +To set the action that's triggered, see the "Low Battery Notification Action" policy setting. -- If you disable this policy setting or do not configure it, users control this setting. +- If you disable this policy setting or don't configure it, users control this setting. @@ -767,7 +767,7 @@ This policy setting turns off the user notification when the battery capacity re The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action". -- If you disable or do not configure this policy setting, users can control this setting. +- If you disable or don't configure this policy setting, users can control this setting. @@ -826,9 +826,9 @@ This policy setting allows you to control the network connectivity state in stan - If you enable this policy setting, network connectivity will be maintained in standby. -- If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. +- If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. -- If you do not configure this policy setting, users control this setting. +- If you don't configure this policy setting, users control this setting. @@ -887,7 +887,7 @@ This policy setting allows you to turn on the ability for applications and servi - If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -950,7 +950,7 @@ This policy setting specifies the action that Windows takes when a user presses -Hibernate -Shut down -- If you disable this policy or do not configure this policy setting, users control this setting. +- If you disable this policy or don't configure this policy setting, users control this setting. @@ -1008,7 +1008,7 @@ This policy setting specifies the period of inactivity before Windows turns off - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. -- If you disable or do not configure this policy setting, users can see and change this setting. +- If you disable or don't configure this policy setting, users can see and change this setting. @@ -1066,7 +1066,7 @@ This policy setting specifies the period of inactivity before Windows turns off - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. -- If you disable or do not configure this policy setting, users can see and change this setting. +- If you disable or don't configure this policy setting, users can see and change this setting. @@ -1120,13 +1120,13 @@ This policy setting specifies the period of inactivity before Windows turns off -This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior. +This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting doesn't affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior. This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown(). - If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed. -- If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state. +- If you disable or don't configure this policy setting, the computer system safely shuts down to a fully powered-off state. @@ -1187,7 +1187,7 @@ This policy setting allows you to specify if Windows should enable the desktop b - If you disable this policy setting, the desktop background slideshow is disabled. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1248,7 +1248,7 @@ This policy setting allows you to specify if Windows should enable the desktop b - If you disable this policy setting, the desktop background slideshow is disabled. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1307,7 +1307,7 @@ This policy setting specifies the active power plan from a list of default Windo - If you enable this policy setting, specify a power plan from the Active Power Plan list. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1365,7 +1365,7 @@ This policy setting allows you to turn off Power Throttling. - If you enable this policy setting, Power Throttling will be turned off. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1422,9 +1422,9 @@ This policy setting allows you to turn off Power Throttling. This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state. -- If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state. +- If you enable this policy setting, the client computer is locked and prompted for a password when it's resumed from a suspend or hibernate state. -- If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. +- If you disable or don't configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. @@ -1483,7 +1483,7 @@ This policy setting specifies the percentage of battery capacity remaining that - If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification. -- If you disable or do not configure this policy setting, users can see and change this setting. +- If you disable or don't configure this policy setting, users can see and change this setting. diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 7b4628cf37..e251901957 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -49,7 +49,7 @@ This policy setting allows you to turn on logging for Windows PowerShell modules - If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. -- If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. +- If this policy setting isn't configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. @@ -117,7 +117,7 @@ This policy setting lets you configure the script execution policy, controlling - If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. -The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher. +The "Allow only signed scripts" policy setting allows scripts to execute only if they're signed by a trusted publisher. The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher. @@ -128,7 +128,7 @@ The "Allow all scripts" policy setting allows all scripts to run. > [!NOTE] > This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." -- If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed." +- If you disable or don't configure this policy setting, it reverts to a per-machine preference setting; the default if that isn't configured is "No scripts allowed." @@ -264,7 +264,7 @@ This policy setting allows you to set the default value of the SourcePath parame - If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet. -- If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. +- If this policy setting is disabled or not configured, this policy setting doesn't set a default value for the SourcePath parameter of the Update-Help cmdlet. > [!NOTE] > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index cb28db20b2..8d21b28178 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -45,7 +45,7 @@ This policy setting lets you suppress the Restore button in the previous version - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup. @@ -106,7 +106,7 @@ This policy setting lets you suppress the Restore button in the previous version - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup. @@ -163,11 +163,11 @@ This policy setting lets you suppress the Restore button in the previous version This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media. -- If you enable this policy setting, users cannot list or restore previous versions of files on local disks. +- If you enable this policy setting, users can't list or restore previous versions of files on local disks. -- If you disable this policy setting, users cannot list and restore previous versions of files on local disks. +- If you disable this policy setting, users can't list and restore previous versions of files on local disks. -- If you do not configure this policy setting, it defaults to disabled. +- If you don't configure this policy setting, it defaults to disabled. @@ -224,11 +224,11 @@ This policy setting lets you hide the list of previous versions of files that ar This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media. -- If you enable this policy setting, users cannot list or restore previous versions of files on local disks. +- If you enable this policy setting, users can't list or restore previous versions of files on local disks. -- If you disable this policy setting, users cannot list and restore previous versions of files on local disks. +- If you disable this policy setting, users can't list and restore previous versions of files on local disks. -- If you do not configure this policy setting, it defaults to disabled. +- If you don't configure this policy setting, it defaults to disabled. @@ -289,7 +289,7 @@ This policy setting lets you suppress the Restore button in the previous version - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. @@ -350,7 +350,7 @@ This policy setting lets you suppress the Restore button in the previous version - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. @@ -407,11 +407,11 @@ This policy setting lets you suppress the Restore button in the previous version This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share. -- If you enable this policy setting, users cannot list or restore previous versions of files on file shares. +- If you enable this policy setting, users can't list or restore previous versions of files on file shares. - If you disable this policy setting, users can list and restore previous versions of files on file shares. -- If you do not configure this policy setting, it is disabled by default. +- If you don't configure this policy setting, it's disabled by default. @@ -468,11 +468,11 @@ This policy setting lets you hide the list of previous versions of files that ar This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share. -- If you enable this policy setting, users cannot list or restore previous versions of files on file shares. +- If you enable this policy setting, users can't list or restore previous versions of files on file shares. - If you disable this policy setting, users can list and restore previous versions of files on file shares. -- If you do not configure this policy setting, it is disabled by default. +- If you don't configure this policy setting, it's disabled by default. @@ -533,7 +533,7 @@ This setting lets you suppress the Restore button in the previous versions prope - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -594,7 +594,7 @@ This setting lets you suppress the Restore button in the previous versions prope - If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -651,11 +651,11 @@ This setting lets you suppress the Restore button in the previous versions prope This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. - If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. -- If you do not configure this policy setting, it is disabled by default. +- If you don't configure this policy setting, it's disabled by default. @@ -712,11 +712,11 @@ This policy setting lets you hide entries in the list of previous versions of a This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. - If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. -- If you do not configure this policy setting, it is disabled by default. +- If you don't configure this policy setting, it's disabled by default. diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 2ce6ccf27a..fee31ca2ce 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -43,12 +43,12 @@ Internet printing lets you display printers on Web pages so that printers can be - If you enable this policy setting, Internet printing is activated on this server. -- If you disable this policy setting or do not configure it, Internet printing is not activated. +- If you disable this policy setting or don't configure it, Internet printing isn't activated. Internet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing support and this setting must be enabled. > [!NOTE] -> This setting affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet. +> This setting affects the server side of Internet printing only. It doesn't prevent the print client on the computer from printing across the Internet. Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers. @@ -107,16 +107,16 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash. -Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they are configured for it. +Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they're configured for it. -- If you enable or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated. +- If you enable or don't configure this policy setting, then applications that are configured to support driver isolation will be isolated. - If you disable this policy setting, then print drivers will be loaded within all associated application processes. Note: -This policy setting applies only to applications opted into isolation. --This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected. +-This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler aren't affected. -This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect. @@ -176,7 +176,7 @@ By default, the Printers folder includes a link to the Microsoft Support Web pag - If you enable this policy setting, you replace the "Get help with printing" default link with a link to a Web page customized for your enterprise. -- If you disable this setting or do not configure it, or if you do not enter an alternate Internet address, the default link will appear in the Printers folder. +- If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder. > [!NOTE] > Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.") @@ -240,9 +240,9 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt - If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.) -- If this policy setting is disabled, the network scan page will not be displayed. +- If this policy setting is disabled, the network scan page won't be displayed. -- If this policy setting is not configured, the Add Printer wizard will display the default number of printers of each type: +- If this policy setting isn't configured, the Add Printer wizard will display the default number of printers of each type: Directory printers: 20 TCP/IP printers: 0 Web Services printers: 0 @@ -255,9 +255,9 @@ If you would like to not display printers of a certain type, enable this policy In Windows 10 and later, only TCP/IP printers can be shown in the wizard. -- If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied. +- If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or don't configure this policy setting, the default limit's applied. -In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows. +In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't apply to those versions of Windows. @@ -316,9 +316,9 @@ This policy setting allows you to manage where client computers search for Point - If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local driver store and the server driver cache. -- If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and Print connection will fail. +- If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it's unable to find a compatible driver, then the Point and Print connection will fail. -This policy setting is not configured by default, and the behavior depends on the version of Windows that you are using. +This policy setting isn't configured by default, and the behavior depends on the version of Windows that you are using. By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior. @@ -376,12 +376,12 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search Allows users to use the Add Printer Wizard to search the network for shared printers. -- If you enable this setting or do not configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list. +- If you enable this setting or don't configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and don't specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list. -- If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users cannot search the network but must type a printer name. +- If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users can't search the network but must type a printer name. > [!NOTE] -> This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers. +> This setting affects the Add Printer Wizard only. It doesn't prevent users from using other programs to search for shared printers or to connect to network printers. @@ -440,20 +440,20 @@ When printing through a print server, determines whether the print spooler on th This policy setting only effects printing to a Windows print server. -- If you enable this policy setting on a client machine, the client spooler will not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the load on the server. +- If you enable this policy setting on a client machine, the client spooler won't process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the load on the server. - If you disable this policy setting on a client machine, the client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the load on the server. -If you do not enable this policy setting, the behavior is the same as disabling it. +If you don't enable this policy setting, the behavior is the same as disabling it. > [!NOTE] -> This policy does not determine whether offline printing will be available to the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the client will submit any pending print jobs. +> This policy doesn't determine whether offline printing will be available to the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the client will submit any pending print jobs. > [!NOTE] -> Some printer drivers require a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print server does not support transferring print processors during point-and-print. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above policy setting does not override this behavior. +> Some printer drivers require a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print server doesn't support transferring print processors during point-and-print. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above policy setting doesn't override this behavior. > [!NOTE] -> In cases where the client print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy. +> In cases where the client print driver doesn't match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy. @@ -629,14 +629,14 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors. -- If you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. +- If you disable this setting, or don't configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. -- If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked. +- If you don't configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked. -- If you enable this setting, installation of a printer using a kernel-mode driver will not be allowed. +- If you enable this setting, installation of a printer using a kernel-mode driver won't be allowed. > [!NOTE] -> By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue. +> By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy doesn't apply to 64-bit kernel-mode printer drivers as they can't be installed and associated with a print queue. @@ -693,11 +693,11 @@ Determines whether printers using kernel-mode drivers may be installed on the lo This preference allows you to change default printer management. -- If you enable this setting, Windows will not manage the default printer. +- If you enable this setting, Windows won't manage the default printer. - If you disable this setting, Windows will manage the default printer. -- If you do not configure this setting, default printer management will not change. +- If you don't configure this setting, default printer management won't change. @@ -756,7 +756,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default - If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps). -- If you disable or do not configure this policy setting, the default MXDW output format is OpenXPS (*.oxps). +- If you disable or don't configure this policy setting, the default MXDW output format is OpenXPS (*.oxps). @@ -816,7 +816,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action. -This setting does not prevent users from running other programs to delete a printer. +This setting doesn't prevent users from running other programs to delete a printer. - If this policy is disabled, or not configured, users can delete printers using the methods described above. @@ -873,11 +873,11 @@ This setting does not prevent users from running other programs to delete a prin -This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.) +This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer isn't able to reach a domain controller, e.g. a domain-joined laptop on a home network.) -- If this setting is disabled, the network scan page will not be displayed. +- If this setting is disabled, the network scan page won't be displayed. -If this setting is not configured, the Add Printer wizard will display the default number of printers of each type: +If this setting isn't configured, the Add Printer wizard will display the default number of printers of each type: TCP/IP printers: 50 Web Services printers: 50 Bluetooth printers: 10 @@ -887,9 +887,9 @@ If you would like to not display printers of a certain type, enable this policy In Windows 10 and later, only TCP/IP printers can be shown in the wizard. -- If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied. +- If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or don't configure this policy setting, the default limit's applied. -In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows. +In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't apply to those versions of Windows. @@ -948,7 +948,7 @@ This policy restricts clients computers to use package point and print only. - If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. -- If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only. +- If this setting is disabled, or not configured, users won't be restricted to package-aware point and print only. @@ -1007,7 +1007,7 @@ This policy restricts clients computers to use package point and print only. - If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. -- If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only. +- If this setting is disabled, or not configured, users won't be restricted to package-aware point and print only. @@ -1070,7 +1070,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri - If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. -- If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers. +- If this setting is disabled, or not configured, package point and print won't be restricted to specific print servers. @@ -1133,7 +1133,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri - If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. -- If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers. +- If this setting is disabled, or not configured, package point and print won't be restricted to specific print servers. @@ -1197,7 +1197,7 @@ When Location Tracking is enabled, the system uses the specified location as a c Type the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers that you want them to use. -- If you disable this setting or do not configure it, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer. +- If you disable this setting or don't configure it, and the user doesn't type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer. @@ -1257,7 +1257,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign - If you enable this setting, users can browse for printers by location without knowing the printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by default. -- If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask). +- If you disable this setting or don't configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask). @@ -1312,16 +1312,16 @@ Use Location Tracking to design a location scheme for your enterprise and assign -This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail. +This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure won't cause the print spooler service to fail. -- If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default. +- If you enable or don't configure this policy setting, the print spooler will execute print drivers in an isolated process by default. - If you disable this policy setting, the print spooler will execute print drivers in the print spooler process. Note: -Other system or driver policy settings may alter the process in which a print driver is executed. --This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. +-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected. -This policy setting takes effect without restarting the print spooler service. @@ -1377,16 +1377,16 @@ Note: -This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility. +This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver doesn't report compatibility. -- If you enable this policy setting, the print spooler isolates all print drivers that do not explicitly opt out of Driver Isolation. +- If you enable this policy setting, the print spooler isolates all print drivers that don't explicitly opt out of Driver Isolation. -- If you disable or do not configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver. +- If you disable or don't configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver. Note: -Other system or driver policy settings may alter the process in which a print driver is executed. --This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. +-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected. -This policy setting takes effect without restarting the print spooler service. @@ -1448,7 +1448,7 @@ The Add Printer Wizard gives users the option of searching Active Directory for If you enable this policy setting, these searches begin at the location you specify in the "Default Active Directory path" box. Otherwise, searches begin at the root of Active Directory. -This setting only provides a starting point for Active Directory searches for printers. It does not restrict user searches through Active Directory. +This setting only provides a starting point for Active Directory searches for printers. It doesn't restrict user searches through Active Directory. @@ -1504,13 +1504,13 @@ This setting only provides a starting point for Active Directory searches for pr Announces the presence of shared printers to print servers for the domain. -On domains with Active Directory, shared printer resources are available in Active Directory and are not announced. +On domains with Active Directory, shared printer resources are available in Active Directory and aren't announced. - If you enable this setting, the print spooler announces shared printers to the print servers. -- If you disable this setting, shared printers are not announced to print servers, even if Active Directory is not available. +- If you disable this setting, shared printers aren't announced to print servers, even if Active Directory isn't available. -- If you do not configure this setting, shared printers are announced to servers only when Active Directory is not available. +- If you don't configure this setting, shared printers are announced to servers only when Active Directory isn't available. > [!NOTE] > A client license is used each time a client computer announces a printer to a print browse master on the domain. @@ -1570,12 +1570,12 @@ On domains with Active Directory, shared printer resources are available in Acti This policy controls whether the print job name will be included in print event logs. -- If you disable or do not configure this policy setting, the print job name will not be included. +- If you disable or don't configure this policy setting, the print job name won't be included. - If you enable this policy setting, the print job name will be included in new log entries. > [!NOTE] -> This setting does not apply to Branch Office Direct Printing jobs. +> This setting doesn't apply to Branch Office Direct Printing jobs. @@ -1634,9 +1634,9 @@ This policy determines if v4 printer drivers are allowed to run printer extensio V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterprises. -- If you enable this policy setting, then all printer extensions will not be allowed to run. +- If you enable this policy setting, then all printer extensions won't be allowed to run. -- If you disable this policy setting or do not configure it, then all printer extensions that have been installed will be allowed to run. +- If you disable this policy setting or don't configure it, then all printer extensions that have been installed will be allowed to run. diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 37c38c670c..f4e5a8d051 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -41,9 +41,9 @@ ms.topic: reference Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. -- If you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers. +- If you enable this setting or don't configure it, the Add Printer Wizard automatically publishes all shared printers. -- If you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually. +- If you disable this setting, the Add Printer Wizard doesn't automatically publish printers. However, you can publish shared printers manually. The default behavior is to automatically publish shared printers in Active Directory. @@ -105,11 +105,11 @@ The default behavior is to automatically publish shared printers in Active Direc Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. -By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects. +By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them doesn't respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects. -- If you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond. +- If you enable this setting or don't configure it, the domain controller prunes this computer's printers when the computer doesn't respond. -- If you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network. +- If you disable this setting, the domain controller doesn't prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network. > [!NOTE] > You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts. @@ -167,20 +167,20 @@ By default, the pruning service on the domain controller prunes printer objects -Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. +Determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. -The Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects. +The Windows pruning service prunes printer objects from Active Directory when the computer that published them doesn't respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains can't republish printers in Active Directory automatically, by default, the system never prunes their printer objects. You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune non-republishing printers" box: -- "Never" specifies that printer objects that are not automatically republished are never pruned. "Never" is the default. +- "Never" specifies that printer objects that aren't automatically republished are never pruned. "Never" is the default. -- "Only if Print Server is found" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable. +- "Only if Print Server is found" prunes printer objects that aren't automatically republished only when the print server responds, but the printer is unavailable. -- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Windows 2000 printers. +- "Whenever printer isn't found" prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. > [!NOTE] -> This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to printers published by using Printers in Control Panel. +> This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It doesn't apply to printers published by using Printers in Control Panel. > [!TIP] > If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server. @@ -239,13 +239,13 @@ You can enable this setting to change the default behavior. To use this setting, Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. -The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. +The pruning service periodically contacts computers that have published printers. If a computer doesn't respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory. - If you enable this setting, you can change the interval between contact attempts. -- If you do not configure or disable this setting the default values will be used. +- If you don't configure or disable this setting the default values will be used. > [!NOTE] > This setting is used only on domain controllers. @@ -304,9 +304,9 @@ By default, the pruning service contacts computers every eight hours and allows Sets the priority of the pruning thread. -The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current. +The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object doesn't respond to contact attempts. This process keeps printer information in Active Directory current. -The thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads. +The thread priority influences the order in which the thread receives processor time and determines how likely it's to be preempted by higher priority threads. By default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service. @@ -367,13 +367,13 @@ By default, the pruning thread runs at normal priority. However, you can adjust Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. -The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. +The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer doesn't respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries. - If you enable this setting, you can change the interval between attempts. -- If you do not configure or disable this setting, the default values are used. +- If you don't configure or disable this setting, the default values are used. > [!NOTE] > This setting is used only on domain controllers. @@ -432,14 +432,14 @@ By default, the pruning service contacts computers every eight hours and allows Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. -The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory. +The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer doesn't respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer hasn't responded by the last contact attempt, its printers are pruned from the directory. - If you enable this policy setting, the contact events are recorded in the event log. -- If you disable or do not configure this policy setting, the contact events are not recorded in the event log. +- If you disable or don't configure this policy setting, the contact events aren't recorded in the event log. > [!NOTE] -> This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged. +> This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged. > [!NOTE] > This setting is used only on domain controllers. @@ -501,7 +501,7 @@ This policy controls whether the print spooler will accept client connections. When the policy is unconfigured or enabled, the spooler will always accept client connections. -When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared. +When the policy is disabled, the spooler won't accept client connections nor allow users to share printers. All printers currently shared will continue to be shared. The spooler must be restarted for changes to this policy to take effect. diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 523f3226bf..3a614e7938 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -39,15 +39,15 @@ ms.topic: reference -This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page. +This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users can't view or change the associated page. The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users. -This setting does not prevent users from using other tools and methods to change program access or defaults. +This setting doesn't prevent users from using other tools and methods to change program access or defaults. -This setting does not prevent the Default Programs icon from appearing on the Start menu. +This setting doesn't prevent the Default Programs icon from appearing on the Start menu. @@ -108,9 +108,9 @@ This setting prevents users from accessing the "Get Programs" page from the Prog Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable users to install them without having to search for installation files. -- If this setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Programs" page to install published programs. Enabling this feature does not prevent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu. +- If this setting is enabled, users can't view the programs that have been published by the system administrator, and they can't use the "Get Programs" page to install published programs. Enabling this feature doesn't prevent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu. -- If this setting is disabled or is not configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users. +- If this setting is disabled or isn't configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users. > [!NOTE] > If the "Hide Programs Control Panel" setting is enabled, this setting is ignored. @@ -174,7 +174,7 @@ This setting prevents users from accessing "Installed Updates" page from the "Vi If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to all users. -This setting does not prevent users from using other tools and methods to install or uninstall programs. +This setting doesn't prevent users from using other tools and methods to install or uninstall programs. @@ -233,7 +233,7 @@ This setting prevents users from accessing "Programs and Features" to view, unin If this setting is disabled or not configured, "Programs and Features" will be available to all users. -This setting does not prevent users from using other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace. +This setting doesn't prevent users from using other tools and methods to view or uninstall programs. It also doesn't prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace. @@ -296,7 +296,7 @@ If this setting is disabled or not configured, the Programs Control Panel in Cat When enabled, this setting takes precedence over the other settings in this folder. -This setting does not prevent users from using other tools and methods to install or uninstall programs. +This setting doesn't prevent users from using other tools and methods to install or uninstall programs. @@ -351,11 +351,11 @@ This setting does not prevent users from using other tools and methods to instal -This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services. +This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users can't view, enable, or disable various Windows features and services. -If this setting is disabled or is not configured, the "Turn Windows features on or off" task will be available to all users. +If this setting is disabled or isn't configured, the "Turn Windows features on or off" task will be available to all users. -This setting does not prevent users from using other tools and methods to configure services or enable or disable program components. +This setting doesn't prevent users from using other tools and methods to configure services or enable or disable program components. @@ -414,9 +414,9 @@ This setting prevents users from access the "Get new programs from Windows Marke Windows Marketplace allows users to purchase and/or download various programs to their computer for installation. -Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. +Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods. -If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will be available to all users. +If this feature is disabled or isn't configured, the "Get new programs from Windows Marketplace" task link will be available to all users. > [!NOTE] > If the "Hide Programs control Panel" setting is enabled, this setting is ignored. diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index 5cd2a73184..60a5e62d91 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -39,7 +39,7 @@ ms.topic: reference -If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web. +If you enable this setting, users won't be able to push Apps to this device from the Microsoft Store running on other devices or the web. diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md index ac02717da3..f9bd414d52 100644 --- a/windows/client-management/mdm/policy-csp-admx-qos.md +++ b/windows/client-management/mdm/policy-csp-admx-qos.md @@ -41,11 +41,11 @@ ms.topic: reference Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit, the Packet Scheduler postpones all submissions to network adapters until the number falls below this limit. -"Outstanding packets" are packets that the Packet Scheduler has submitted to a network adapter for transmission, but which have not yet been sent. +"Outstanding packets" are packets that the Packet Scheduler has submitted to a network adapter for transmission, but which haven't yet been sent. - If you enable this setting, you can limit the number of outstanding packets. -- If you disable this setting or do not configure it, then the setting has no effect on the system. +- If you disable this setting or don't configure it, then the setting has no effect on the system. > [!IMPORTANT] > If the maximum number of outstanding packets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter. @@ -108,10 +108,10 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt - If you enable this setting, you can use the "Bandwidth limit" box to adjust the amount of bandwidth the system can reserve. -- If you disable this setting or do not configure it, the system uses the default value of 80 percent of the connection. +- If you disable this setting or don't configure it, the system uses the default value of 80 percent of the connection. > [!IMPORTANT] -> If a bandwidth limit is set for a particular network adapter in the registry, this setting is ignored when configuring that network adapter. +> If a bandwidth limit's set for a particular network adapter in the registry, this setting is ignored when configuring that network adapter. @@ -230,7 +230,7 @@ This setting applies only to packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets. -This setting applies only to packets that do not conform to the flow specification. +This setting applies only to packets that don't conform to the flow specification. - If you enable this setting, you can change the default DSCP value associated with the Best Effort service type. @@ -417,7 +417,7 @@ This setting applies only to packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets. -This setting applies only to packets that do not conform to the flow specification. +This setting applies only to packets that don't conform to the flow specification. - If you enable this setting, you can change the default DSCP value associated with the Controlled Load service type. @@ -604,7 +604,7 @@ This setting applies only to packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets. -This setting applies only to packets that do not conform to the flow specification. +This setting applies only to packets that don't conform to the flow specification. - If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type. @@ -791,7 +791,7 @@ This setting applies only to packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets. -This setting applies only to packets that do not conform to the flow specification. +This setting applies only to packets that don't conform to the flow specification. - If you enable this setting, you can change the default DSCP value associated with the Network Control service type. @@ -913,7 +913,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets. +Specifies an alternate link layer (Layer-2) priority value for packets that don't conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets. - If you enable this setting, you can change the default priority value associated with nonconforming packets. @@ -1039,7 +1039,7 @@ This setting applies only to packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets. -This setting applies only to packets that do not conform to the flow specification. +This setting applies only to packets that don't conform to the flow specification. - If you enable this setting, you can change the default DSCP value associated with the Qualitative service type. @@ -1161,11 +1161,11 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the -Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry. +Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler can't schedule packets for transmission more frequently than permitted by the value of this entry. - If you enable this setting, you can override the default timer resolution established for the system, usually units of 10 microseconds. -- If you disable this setting or do not configure it, the setting has no effect on the system. +- If you disable this setting or don't configure it, the setting has no effect on the system. > [!IMPORTANT] > If a timer resolution is specified in the registry for a particular network adapter, then this setting is ignored when configuring that network adapter. diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index e3938e973c..eb513d6580 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -43,15 +43,15 @@ Determines the execution level for Windows Resource Exhaustion Detection and Res - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. +- If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 703aa134af..18f786321f 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -43,9 +43,9 @@ This policy setting allows the system to detect the time of unexpected shutdowns - If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds. -- If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded. +- If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns isn't recorded. -- If you do not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003. +- If you don't configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003. > [!NOTE] > This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel. @@ -107,9 +107,9 @@ This policy setting controls whether or not unplanned shutdown events can be rep - If you enable this policy setting, error reporting includes unplanned shutdown events. -- If you disable this policy setting, unplanned shutdown events are not included in error reporting. +- If you disable this policy setting, unplanned shutdown events aren't included in error reporting. -- If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default. +- If you don't configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default. Also see the "Configure Error Reporting" policy setting. @@ -174,7 +174,7 @@ The system state data file contains information about the basic system state as - If you disable this policy setting, the System State Data feature is never activated. -- If you do not configure this policy setting, the default behavior for the System State Data feature occurs. +- If you don't configure this policy setting, the default behavior for the System State Data feature occurs. > [!NOTE] > By default, the System State Data feature is always enabled on Windows Server 2003. See "Supported on" for all supported versions. @@ -232,7 +232,7 @@ The system state data file contains information about the basic system state as -The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. +The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that's displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. - If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. @@ -240,9 +240,9 @@ The Shutdown Event Tracker can be displayed when you shut down a workstation or - If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions.) -- If you disable this policy setting, the Shutdown Event Tracker is not displayed when you shut down the computer. +- If you disable this policy setting, the Shutdown Event Tracker isn't displayed when you shut down the computer. -- If you do not configure this policy setting, the default behavior for the Shutdown Event Tracker occurs. +- If you don't configure this policy setting, the default behavior for the Shutdown Event Tracker occurs. > [!NOTE] > By default, the Shutdown Event Tracker is only displayed on computers running Windows Server. diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 487a0bba4b..9fedc83d9d 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -39,13 +39,13 @@ ms.topic: reference -This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance. +This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting doesn't affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance. - If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer. - If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer. -- If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel. +- If you don't configure this policy setting, users can configure the setting in System Properties in the Control Panel. @@ -122,7 +122,7 @@ For example: - If you disable this policy setting, application-based settings are used. -- If you do not configure this policy setting, application-based settings are used. +- If you don't configure this policy setting, application-based settings are used. diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index c0e9c1f8a1..d3d244b264 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -43,10 +43,10 @@ This policy setting configures the amount of time (in seconds) that the operatin - If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. -- If you disable or do not configure this setting, the operating system does not force a reboot. +- If you disable or don't configure this setting, the operating system doesn't force a reboot. > [!NOTE] -> If no reboot is forced, the access right does not take effect until the operating system is restarted. +> If no reboot is forced, the access right doesn't take effect until the operating system is restarted. @@ -105,10 +105,10 @@ This policy setting configures the amount of time (in seconds) that the operatin - If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. -- If you disable or do not configure this setting, the operating system does not force a reboot. +- If you disable or don't configure this setting, the operating system doesn't force a reboot. > [!NOTE] -> If no reboot is forced, the access right does not take effect until the operating system is restarted. +> If no reboot is forced, the access right doesn't take effect until the operating system is restarted. @@ -167,7 +167,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl - If you enable this policy setting, execute access is denied to this removable storage class. -- If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -226,7 +226,7 @@ This policy setting denies read access to the CD and DVD removable storage class - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -285,7 +285,7 @@ This policy setting denies read access to the CD and DVD removable storage class - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -344,7 +344,7 @@ This policy setting denies write access to the CD and DVD removable storage clas - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -403,7 +403,7 @@ This policy setting denies write access to the CD and DVD removable storage clas - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -462,7 +462,7 @@ This policy setting denies read access to custom removable storage classes. - If you enable this policy setting, read access is denied to these removable storage classes. -- If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. +- If you disable or don't configure this policy setting, read access is allowed to these removable storage classes. @@ -521,7 +521,7 @@ This policy setting denies read access to custom removable storage classes. - If you enable this policy setting, read access is denied to these removable storage classes. -- If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. +- If you disable or don't configure this policy setting, read access is allowed to these removable storage classes. @@ -580,7 +580,7 @@ This policy setting denies write access to custom removable storage classes. - If you enable this policy setting, write access is denied to these removable storage classes. -- If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. +- If you disable or don't configure this policy setting, write access is allowed to these removable storage classes. @@ -639,7 +639,7 @@ This policy setting denies write access to custom removable storage classes. - If you enable this policy setting, write access is denied to these removable storage classes. -- If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. +- If you disable or don't configure this policy setting, write access is allowed to these removable storage classes. @@ -698,7 +698,7 @@ This policy setting denies execute access to the Floppy Drives removable storage - If you enable this policy setting, execute access is denied to this removable storage class. -- If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -757,7 +757,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -816,7 +816,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -875,7 +875,7 @@ This policy setting denies write access to the Floppy Drives removable storage c - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -934,7 +934,7 @@ This policy setting denies write access to the Floppy Drives removable storage c - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -993,7 +993,7 @@ This policy setting grants normal users direct access to removable storage devic - If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions. -- If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions. +- If you disable or don't configure this policy setting, remote users can't open direct handles to removable storage devices in remote sessions. @@ -1052,7 +1052,7 @@ This policy setting denies execute access to removable disks. - If you enable this policy setting, execute access is denied to this removable storage class. -- If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -1111,7 +1111,7 @@ This policy setting denies read access to removable disks. - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1170,7 +1170,7 @@ This policy setting denies read access to removable disks. - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1229,7 +1229,7 @@ This policy setting denies write access to removable disks. - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!NOTE] > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." @@ -1293,7 +1293,7 @@ This policy setting takes precedence over any individual removable storage polic - If you enable this policy setting, no access is allowed to any removable storage class. -- If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. +- If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes. @@ -1354,7 +1354,7 @@ This policy setting takes precedence over any individual removable storage polic - If you enable this policy setting, no access is allowed to any removable storage class. -- If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. +- If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes. @@ -1413,7 +1413,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl - If you enable this policy setting, execute access is denied to this removable storage class. -- If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -1472,7 +1472,7 @@ This policy setting denies read access to the Tape Drive removable storage class - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1531,7 +1531,7 @@ This policy setting denies read access to the Tape Drive removable storage class - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1590,7 +1590,7 @@ This policy setting denies write access to the Tape Drive removable storage clas - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1649,7 +1649,7 @@ This policy setting denies write access to the Tape Drive removable storage clas - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1708,7 +1708,7 @@ This policy setting denies read access to removable disks, which may include med - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1767,7 +1767,7 @@ This policy setting denies read access to removable disks, which may include med - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1826,7 +1826,7 @@ This policy setting denies write access to removable disks, which may include me - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1885,7 +1885,7 @@ This policy setting denies write access to removable disks, which may include me - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index e8f056ba93..4edfda6b8f 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -45,7 +45,7 @@ Extended error information includes the local time that the error occurred, the - If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition. -- If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition. +- If you don't configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition. - If you enable this policy setting, the RPC runtime will generate extended error information. You must select an error response type in the drop-down box. @@ -64,10 +64,10 @@ Extended error information includes the local time that the error occurred, the > Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information. > [!NOTE] -> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely. +> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it shouldn't be made available remotely. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -123,20 +123,20 @@ Extended error information includes the local time that the error occurred, the This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested. -The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. +The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. - If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. -- If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. +- If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. - If you enable this policy setting, then: -- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation. +- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation. -- "On" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for. +- "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -200,12 +200,12 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is - If you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used. -- If you do not configure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used. +- If you don't configure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used. - If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -263,14 +263,14 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor - If you disable this policy setting, the RPC runtime defaults to "Auto2" level. -- If you do not configure this policy setting, the RPC defaults to "Auto2" level. +- If you don't configure this policy setting, the RPC defaults to "Auto2" level. - If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information. -- "None" indicates that the system does not maintain any RPC state information. +- "None" indicates that the system doesn't maintain any RPC state information. > [!NOTE] -> Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations. +> Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations. - "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. @@ -278,13 +278,13 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor - "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity. -- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem. +- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you are investigating an RPC problem. > [!NOTE] > To retrieve the RPC state information from a system that maintains it, you must use a debugging tool. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md index aad781080d..8f947117a1 100644 --- a/windows/client-management/mdm/policy-csp-admx-sam.md +++ b/windows/client-management/mdm/policy-csp-admx-sam.md @@ -49,7 +49,7 @@ For more information on the ROCA vulnerability, please see: If you enable this policy setting the following options are supported: -Ignore: during authentication the domain controller will not probe any WHfB keys for the ROCA vulnerability. +Ignore: during authentication the domain controller won't probe any WHfB keys for the ROCA vulnerability. Audit: during authentication the domain controller will emit audit events for WHfB keys that are subject to the ROCA vulnerability (authentications will still succeed). @@ -59,9 +59,9 @@ This setting only takes effect on domain controllers. If not configured, domain controllers will default to using their local configuration. The default local configuration is Audit. -A reboot is not required for changes to this setting to take effect. +A reboot isn't required for changes to this setting to take effect. -Note to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs. +Note to avoid unexpected disruptions this setting shouldn't be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs. More information is available at< https://go.microsoft.com/fwlink/?linkid=2116430>. diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 2a6b04c9b5..84a0dd295a 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -39,11 +39,11 @@ ms.topic: reference -This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer. +This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes aren't configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer. - If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured. -- If you disable or do not configure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes are not configured. +- If you disable or don't configure this policy setting, user account cross-forest, interactive logging can't run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes aren't configured. @@ -100,7 +100,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest This policy setting determines how long the system waits for scripts applied by Group Policy to run. -This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event. +This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts haven't finished running when the specified time expires, the system stops script processing and records an error event. - If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. @@ -108,7 +108,7 @@ This interval is particularly important when other system tasks must wait while An excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. -- If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default. +- If you disable or don't configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default. @@ -242,11 +242,11 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. -Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000. +Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it doesn't display logon scripts written for Windows 2000. -- If you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier. +- If you enable this setting, Windows 2000 doesn't display logon scripts written for Windows NT 4.0 and earlier. -- If you disable or do not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier. +- If you disable or don't configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier. Also, see the "Run Logon Scripts Visible" setting. @@ -305,11 +305,11 @@ Also, see the "Run Logon Scripts Visible" setting. This policy setting displays the instructions in logoff scripts as they run. -Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script. +Logoff scripts are batch files of instructions that run when the user logs off. By default, the system doesn't display the instructions in the logoff script. - If you enable this policy setting, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. -- If you disable or do not configure this policy setting, the instructions are suppressed. +- If you disable or don't configure this policy setting, the instructions are suppressed. @@ -366,9 +366,9 @@ Logoff scripts are batch files of instructions that run when the user logs off. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. -- If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. +- If you enable this policy setting, File Explorer doesn't start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. -- If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. +- If you disable or don't configure this policy setting, the logon scripts and File Explorer aren't synchronized and can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration. @@ -427,9 +427,9 @@ This policy setting appears in the Computer Configuration and User Configuration This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. -- If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. +- If you enable this policy setting, File Explorer doesn't start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. -- If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. +- If you disable or don't configure this policy setting, the logon scripts and File Explorer aren't synchronized and can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration. @@ -488,11 +488,11 @@ This policy setting appears in the Computer Configuration and User Configuration This policy setting displays the instructions in logon scripts as they run. -Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts. +Logon scripts are batch files of instructions that run when the user logs on. By default, the system doesn't display the instructions in logon scripts. - If you enable this policy setting, the system displays each instruction in the logon script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. -- If you disable or do not configure this policy setting, the instructions are suppressed. +- If you disable or don't configure this policy setting, the instructions are suppressed. @@ -549,11 +549,11 @@ Logon scripts are batch files of instructions that run when the user logs on. By This policy setting displays the instructions in shutdown scripts as they run. -Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script. +Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system doesn't display the instructions in the shutdown script. - If you enable this policy setting, the system displays each instruction in the shutdown script as it runs. The instructions appear in a command window. -- If you disable or do not configure this policy setting, the instructions are suppressed. +- If you disable or don't configure this policy setting, the instructions are suppressed. @@ -612,9 +612,9 @@ This policy setting lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. -- If you enable this policy setting, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously. +- If you enable this policy setting, the system doesn't coordinate the running of startup scripts. As a result, startup scripts can run simultaneously. -- If you disable or do not configure this policy setting, a startup cannot run until the previous script is complete. +- If you disable or don't configure this policy setting, a startup can't run until the previous script is complete. > [!NOTE] > Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the "Run startup scripts visible" policy setting is enabled or not. @@ -674,11 +674,11 @@ Startup scripts are batch files that run before the user is invited to log on. B This policy setting displays the instructions in startup scripts as they run. -Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script. +Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system doesn't display the instructions in the startup script. - If you enable this policy setting, the system displays each instruction in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users. -- If you disable or do not configure this policy setting, the instructions are suppressed. +- If you disable or don't configure this policy setting, the instructions are suppressed. > [!NOTE] > Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether this policy setting is enabled or not. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 3ac645f7fb..659311557d 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -39,11 +39,11 @@ ms.topic: reference -This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" +This policy setting allows users who are connected to the Internet to access and search troubleshooting content that's hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they're prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" -- If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. +- If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that's hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. -- If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service. +- If you disable this policy setting, users can only access and search troubleshooting content that's available locally on their computers, even if they're connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service. @@ -100,9 +100,9 @@ This policy setting allows users who are connected to the Internet to access and This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers. -- If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. +- If you enable or don't configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. -- If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel. +- If you disable this policy setting, users can't access or run the troubleshooting tools from the Control Panel. Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. @@ -163,7 +163,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos - If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. -- If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages. +- If you disable or don't configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index 871a415e66..7370644c81 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -45,13 +45,13 @@ Determines whether scheduled diagnostics will run to proactively detect and reso If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. -- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis. +- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. -- If you do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. +- If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. -This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics will not be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 68fc5cdbfc..3d37d8da13 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -39,11 +39,11 @@ ms.topic: reference -This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. +This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, neither the notifications nor the Security Center status section are displayed. -Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. +Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect. -If you do not congifure this policy setting, the Security Center is turned off for domain members. +If you don't congifure this policy setting, the Security Center is turned off for domain members. - If you enable this policy setting, Security Center is turned on for all users. @@ -55,7 +55,7 @@ In Windows XP SP2, the essential security settings that are monitored by Securit Windows Vista --------------------- -In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot for this policy setting to take effect. +In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers don't require a reboot for this policy setting to take effect. diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index b3c05e4c14..4a9cd48d2b 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -43,7 +43,7 @@ This policy setting turns off the location feature for this computer. - If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. -- If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature. +- If you disable or don't configure this policy setting, all programs on this computer won't be prevented from using location information from the location feature. @@ -100,9 +100,9 @@ This policy setting turns off the location feature for this computer. This policy setting turns off scripting for the location feature. -- If you enable this policy setting, scripts for the location feature will not run. +- If you enable this policy setting, scripts for the location feature won't run. -- If you disable or do not configure this policy setting, all location scripts will run. +- If you disable or don't configure this policy setting, all location scripts will run. @@ -159,9 +159,9 @@ This policy setting turns off scripting for the location feature. This policy setting turns off scripting for the location feature. -- If you enable this policy setting, scripts for the location feature will not run. +- If you enable this policy setting, scripts for the location feature won't run. -- If you disable or do not configure this policy setting, all location scripts will run. +- If you disable or don't configure this policy setting, all location scripts will run. @@ -218,9 +218,9 @@ This policy setting turns off scripting for the location feature. This policy setting turns off the sensor feature for this computer. -- If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. +- If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature. -- If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. +- If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature. @@ -277,9 +277,9 @@ This policy setting turns off the sensor feature for this computer. This policy setting turns off the sensor feature for this computer. -- If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. +- If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature. -- If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. +- If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature. diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 962fdb7a31..8e864a9933 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting allows you to turn off the automatic display of the Manage Your Server page. -- If you enable this policy setting, the Manage Your Server page is not displayed each time an administrator logs on to the server. +- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator logs on to the server. -- If you disable or do not configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Do not display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed. +- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Do not display this page at logon" option at the bottom of the Manage Your Server page, the page isn't displayed. @@ -102,11 +102,11 @@ This policy setting allows you to turn off the automatic display of the Manage Y This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. -- If you enable this policy setting, the Initial Configuration Tasks window is not displayed when an administrator logs on to the server. +- If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator logs on to the server. - If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. -- If you do not configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. However, if an administrator selects the "Do not show this window at logon" option, the window is not displayed on subsequent logons. +- If you don't configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. However, if an administrator selects the "Do not show this window at logon" option, the window isn't displayed on subsequent logons. @@ -163,11 +163,11 @@ This policy setting allows you to turn off the automatic display of the Initial This policy setting allows you to turn off the automatic display of Server Manager at logon. -- If you enable this policy setting, Server Manager is not displayed automatically when a user logs on to the server. +- If you enable this policy setting, Server Manager isn't displayed automatically when a user logs on to the server. - If you disable this policy setting, Server Manager is displayed automatically when a user logs on to the server. -- If you do not configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or "Do not start Server Manager automatically at logon" (Windows Server 2012) option is selected, the console is not displayed automatically at logon. +- If you don't configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or "Do not start Server Manager automatically at logon" (Windows Server 2012) option is selected, the console isn't displayed automatically at logon. > [!NOTE] > Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar. @@ -227,10 +227,10 @@ This policy setting allows you to turn off the automatic display of Server Manag This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you are managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers. -- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the "Configure Refresh Interval" setting (in Windows Server 2008 and Windows Server 2008 R2), or the "Refresh the data shown in Server Manager every [x] [minutes/hours/days]" setting (in Windows Server 2012) that is configured in the Server Manager console. +- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the "Configure Refresh Interval" setting (in Windows Server 2008 and Windows Server 2008 R2), or the "Refresh the data shown in Server Manager every [x] [minutes/hours/days]" setting (in Windows Server 2012) that's configured in the Server Manager console. -- If you disable this policy setting, Server Manager does not refresh automatically. -- If you do not configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console. +- If you disable this policy setting, Server Manager doesn't refresh automatically. +- If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console. > [!NOTE] > The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012. diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 25cfbbfe49..42f2718866 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -43,9 +43,9 @@ This policy setting specifies the network locations that will be used for the re - If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon. -The network location can be either a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with "wim:" and include the index of the image to use in the WIM file. For example "wim:\\server\share\install.wim:3". +The network location can be either a folder, or a WIM file. If it's a WIM file, the location should be specified by prefixing the path with "wim:" and include the index of the image to use in the WIM file. For example "wim:\\server\share\install.wim:3". -- If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the computer. +- If you disable or don't configure this policy setting, or if the required files can't be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that's allowed by the policy settings for the computer. diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 4bb765d516..de81e34abc 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -41,11 +41,11 @@ ms.topic: reference Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "app settings" group will not be synced. +If you enable this policy setting, the "app settings" group won't be synced. Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user. @@ -102,11 +102,11 @@ If you do not set or disable this setting, syncing of the "app settings" group i Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "AppSync" group will not be synced. +If you enable this policy setting, the "AppSync" group won't be synced. Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user. @@ -163,11 +163,11 @@ If you do not set or disable this setting, syncing of the "AppSync" group is on Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "passwords" group will not be synced. +If you enable this policy setting, the "passwords" group won't be synced. Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user. @@ -224,11 +224,11 @@ If you do not set or disable this setting, syncing of the "passwords" group is o Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "desktop personalization" group will not be synced. +If you enable this policy setting, the "desktop personalization" group won't be synced. Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user. @@ -285,11 +285,11 @@ If you do not set or disable this setting, syncing of the "desktop personalizati Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "personalize" group will not be synced. +If you enable this policy setting, the "personalize" group won't be synced. Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user. @@ -350,7 +350,7 @@ If you enable this policy setting, "sync your settings" will be turned off, and Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, "sync your settings" is on by default and configurable by the user. +If you don't set or disable this setting, "sync your settings" is on by default and configurable by the user. @@ -407,11 +407,11 @@ If you do not set or disable this setting, "sync your settings" is on by default Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "Start layout" group will not be synced. +If you enable this policy setting, the "Start layout" group won't be synced. Use the option "Allow users to turn start syncing on" so that syncing is turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user. @@ -470,7 +470,7 @@ Prevent syncing to and from this PC when on metered Internet connections. This t If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection. -If you do not set or disable this setting, syncing on metered connections is configurable by the user. +If you don't set or disable this setting, syncing on metered connections is configurable by the user. @@ -527,11 +527,11 @@ If you do not set or disable this setting, syncing on metered connections is con Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings. -If you enable this policy setting, the "Other Windows settings" group will not be synced. +If you enable this policy setting, the "Other Windows settings" group won't be synced. Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user. diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 7a2851ac66..316e955dd2 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -41,12 +41,12 @@ ms.topic: reference This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). -- If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . +- If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . -- If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. +- If you disable this policy setting, users can't publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. > [!NOTE] -> The default is to allow shared folders to be published when this setting is not configured. +> The default is to allow shared folders to be published when this setting isn't configured. @@ -103,12 +103,12 @@ This policy setting determines whether the user can publish DFS roots in Active This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). -- If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. +- If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. -- If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. +- If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. > [!NOTE] -> The default is to allow shared folders to be published when this setting is not configured. +> The default is to allow shared folders to be published when this setting isn't configured. diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index ec05b442eb..cf95b1984b 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network. -- If you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features. +- If you enable this policy setting, users can't add computers to a homegroup. This policy setting doesn't affect other network sharing features. -- If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup. +- If you disable or don't configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer isn't shared with the homegroup. -This policy setting is not configured by default. +This policy setting isn't configured by default. You must restart the computer for this policy setting to take effect. @@ -104,7 +104,7 @@ You must restart the computer for this policy setting to take effect. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile. -- If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders. +- If you enable this policy setting, users can't share files within their profile using the sharing wizard. Also, the sharing wizard can't create a share at %root%\users and can only be used to create SMB shares on folders. - If you disable or don't configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer. diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index f6a88eff78..9e2556c33d 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -43,10 +43,10 @@ This policy setting prevents users from running the interactive command prompt, - If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. -- If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally. +- If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally. > [!NOTE] -> Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. +> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. @@ -104,7 +104,7 @@ Disables the Windows registry editor Regedit.exe. - If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. -- If you disable this policy setting or do not configure it, users can run Regedit.exe normally. +- If you disable this policy setting or don't configure it, users can run Regedit.exe normally. To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting. @@ -162,11 +162,11 @@ To prevent users from using other administrative tools, use the "Run only specif Prevents Windows from running the programs you specify in this policy setting. -- If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications. +- If you enable this policy setting, users can't run programs that you add to the list of disallowed applications. -- If you disable this policy setting or do not configure it, users can run any programs. +- If you disable this policy setting or don't configure it, users can run any programs. -This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. +This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. > [!NOTE] > Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. @@ -231,9 +231,9 @@ Limits the Windows programs that users have permission to run on the computer. - If you enable this policy setting, users can only run programs that you add to the list of allowed applications. -- If you disable this policy setting or do not configure it, users can run all applications. +- If you disable this policy setting or don't configure it, users can run all applications. -This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. +This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. > [!NOTE] > Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index c74654191a..53fd4aca87 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -49,7 +49,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are - Certificates with an All Purpose EKU - Certificates with a Client Authentication EKU -- If you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card. +- If you disable or don't configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card. @@ -110,7 +110,7 @@ In order to use the integrated unblock feature your smart card must support this - If you enable this policy setting, the integrated unblock feature will be available. -- If you disable or do not configure this policy setting then the integrated unblock feature will not be available. +- If you disable or don't configure this policy setting then the integrated unblock feature won't be available. @@ -169,7 +169,7 @@ This policy setting lets you allow signature key-based certificates to be enumer - If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. -- If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen. +- If you disable or don't configure this policy setting, any available smart card signature key-based certificates won't be listed on the logon screen. @@ -228,9 +228,9 @@ This policy setting permits those certificates to be displayed for logon that ar Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. -- If you enable this policy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired. +- If you enable this policy setting certificates will be listed on the logon screen regardless of whether they've an invalid time or their time validity has expired. -- If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen. +- If you disable or don't configure this policy setting, certificates which are expired or not yet valid won't be listed on the logon screen. @@ -287,9 +287,9 @@ Under previous versions of Microsoft Windows, certificates were required to cont This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. -- If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card. +- If you enable or don't configure this policy setting then certificate propagation will occur when you insert your smart card. -- If you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook. +- If you disable this policy setting, certificate propagation won't occur and the certificates won't be made available to applications such as Outlook. @@ -347,7 +347,7 @@ This policy setting allows you to manage the certificate propagation that occurs This policy setting allows you to manage the clean up behavior of root certificates. - If you enable this policy setting then root certificate cleanup will occur according to the option selected. -- If you disable or do not configure this setting then root certificate clean up will occur on log off. +- If you disable or don't configure this setting then root certificate clean up will occur on log off. @@ -403,12 +403,12 @@ This policy setting allows you to manage the clean up behavior of root certifica This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. -- If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. +- If you enable or don't configure this policy setting then root certificate propagation will occur when you insert your smart card. > [!NOTE] > For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card. -- If you disable this policy setting then root certificates will not be propagated from the smart card. +- If you disable this policy setting then root certificates won't be propagated from the smart card. @@ -465,9 +465,9 @@ This policy setting allows you to manage the root certificate propagation that o This policy setting prevents plaintext PINs from being returned by Credential Manager. -- If you enable this policy setting, Credential Manager does not return a plaintext PIN. +- If you enable this policy setting, Credential Manager doesn't return a plaintext PIN. -- If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager. +- If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager. > [!NOTE] > Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting. @@ -529,13 +529,13 @@ This policy setting allows you to control whether elliptic curve cryptography (E - If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. -- If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. +- If you disable or don't configure this policy setting, ECC certificates on a smart card can't be used to log on to a domain. > [!NOTE] -> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. +> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, aren't affected by this policy setting. > [!NOTE] -> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network. +> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you aren't connected to the network. @@ -592,14 +592,14 @@ This policy setting allows you to control whether elliptic curve cryptography (E This policy setting lets you configure if all your valid logon certificates are displayed. -During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). +During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one hasn't yet expired. Two certificates are determined to be the same if they're issued from the same template with the same major version and they're for the same user (determined by their UPN). -If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. +If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that's used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. > [!NOTE] > This setting will be applied after the following policy: "Allow time invalid certificates" -- If you enable or do not configure this policy setting, filtering will take place. +- If you enable or don't configure this policy setting, filtering will take place. - If you disable this policy setting, no filtering will take place. @@ -662,7 +662,7 @@ During logon Windows will by default only read the default certificate from the - If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP. -- If you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the default will not be available for logon. +- If you disable or don't configure this setting, Windows will only attempt to read the default certificate from those cards that don't support retrieval of all certificates in a single call. Certificates other than the default won't be available for logon. @@ -724,7 +724,7 @@ This policy setting allows you to manage the displayed message when a smart card > [!NOTE] > The following policy setting must be enabled - Allow Integrated Unblock screen to be displayed at the time of logon. -- If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled. +- If you disable or don't configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled. @@ -778,11 +778,11 @@ This policy setting allows you to manage the displayed message when a smart card -This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. +This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during logon. -By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. +By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. -If you enable this policy setting or do not configure this setting, then the subject name will be reversed. +If you enable this policy setting or don't configure this setting, then the subject name will be reversed. If you disable , the subject name will be displayed as it appears in the certificate. @@ -841,9 +841,9 @@ If you disable , the subject name will be displayed as it appears in the certifi This policy setting allows you to control whether Smart Card Plug and Play is enabled. -- If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. +- If you enable or don't configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. -- If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inserted in a Smart Card Reader. +- If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver won't be installed when a card is inserted in a Smart Card Reader. > [!NOTE] > This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process. @@ -903,9 +903,9 @@ This policy setting allows you to control whether Smart Card Plug and Play is en This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. -- If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed. +- If you enable or don't configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed. -- If you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed. +- If you disable this policy setting, a confirmation message won't be displayed when a smart card device driver is installed. > [!NOTE] > This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process. @@ -967,7 +967,7 @@ This policy setting lets you determine whether an optional field will be display - If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed. -- If you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed. +- If you disable or don't configure this policy setting, an optional field that allows users to enter their user name or user name and domain won't be displayed. diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 7dfc3ca114..3e8c855e69 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -47,15 +47,15 @@ A valid community is a community recognized by the SNMP service, while a communi - If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community. -- If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. +- If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. -Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control. +Best practice: For security purposes, it's recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control. > [!NOTE] -> It is good practice to use a cryptic community name. +> It's good practice to use a cryptic community name. > [!NOTE] -> This policy setting has no effect if the SNMP agent is not installed on the client computer. +> This policy setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration". @@ -119,12 +119,12 @@ The manager is located on the host computer on the network. The manager's role i - If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. -- If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead. +- If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead. -Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control. +Best practice: For security purposes, it's recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control. > [!NOTE] -> This policy setting has no effect if the SNMP agent is not installed on the client computer. +> This policy setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name". @@ -188,10 +188,10 @@ This policy setting allows you to configure the name of the hosts that receive t - If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community. -- If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead. +- If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead. > [!NOTE] -> This setting has no effect if the SNMP agent is not installed on the client computer. +> This setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name". diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 146454ae98..1e445c4bdb 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -43,9 +43,9 @@ Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -- If you enable this policy setting, Sound Recorder will not run. +- If you enable this policy setting, Sound Recorder won't run. -- If you disable or do not configure this policy setting, Sound Recorder can be run. +- If you disable or don't configure this policy setting, Sound Recorder can be run. @@ -104,9 +104,9 @@ Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -- If you enable this policy setting, Sound Recorder will not run. +- If you enable this policy setting, Sound Recorder won't run. -- If you disable or do not configure this policy setting, Sound Recorder can be run. +- If you disable or don't configure this policy setting, Sound Recorder can be run. diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index dee841dccf..37859d9add 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -39,13 +39,13 @@ ms.topic: reference -This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. +This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. - If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. - If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration. -- If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message. +- If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message. @@ -106,7 +106,7 @@ Administrators can define the properties for the organization by using Active Di - If you enable this policy setting, you can select which list of properties is available for classification on the affected computers. -- If you disable or do not configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties. +- If you disable or don't configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties. @@ -166,7 +166,7 @@ The Classification tab enables users to manually classify files by selecting pro - If you enable this policy setting, the Classification tab is displayed. -- If you disable or do not configure this policy setting, the Classification tab is hidden. +- If you disable or don't configure this policy setting, the Classification tab is hidden. diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 45c00eb5aa..3d6e41a3f1 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -42,9 +42,9 @@ ms.topic: reference - If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms. -- If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box. +- If you disable this policy, there won't be a "Search the Internet" link when the user performs a search in the start menu search box. -- If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu. +- If you don't configure this policy (default), there won't be a "Search the Internet" link on the start menu. @@ -103,18 +103,18 @@ Clear history of recently opened documents on exit. - If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off. -- If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off. +- If you disable or don't configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off. > [!NOTE] > The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder. Also, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected. -This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting. +This setting doesn't clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting. -This policy setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. +This policy setting also doesn't hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. -This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting. +This policy also doesn't clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting. @@ -172,7 +172,7 @@ This policy also does not clear items that the user may have pinned to the Jump - If you enable this policy setting, the recent programs list in the start menu will be blank for each new user. -- If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user. +- If you disable or don't configure this policy, the start menu recent programs list will be pre-populated with programs for each new user. @@ -230,9 +230,9 @@ This policy also does not clear items that the user may have pinned to the Jump - If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on. -- If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile. +- If you disable or don't configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile. -This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications. +This setting doesn't prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications. @@ -407,15 +407,15 @@ This policy setting is only applied when the Apps view is set as the default vie -This policy only applies to the classic version of the start menu and does not affect the new style start menu. +This policy only applies to the classic version of the start menu and doesn't affect the new style start menu. Adds the "Log Off ``" item to the Start menu and prevents users from removing it. -- If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off `` item from the Start Menu. +- If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users can't remove the Log Off `` item from the Start Menu. -- If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item. +- If you disable this setting or don't configure it, users can use the Display Logoff item to add and remove the Log Off item. -This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del. +This setting affects the Start menu only. It doesn't affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del. > [!NOTE] > To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff. @@ -542,7 +542,7 @@ This setting makes it easier for users to distinguish between programs that are Partially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use. -If you disable this setting or do not configure it, all Start menu shortcuts appear as black text. +If you disable this setting or don't configure it, all Start menu shortcuts appear as black text. > [!NOTE] > Enabling this setting can make the Start menu slow to open. @@ -600,11 +600,11 @@ If you disable this setting or do not configure it, all Start menu shortcuts app -This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions. +This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting doesn't prevent users from running Windows-based programs that perform these functions. - If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen. -- If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available. +- If you disable or don't configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available. @@ -661,9 +661,9 @@ This policy setting prevents users from performing the following commands from t Disables personalized menus. -Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu. +Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that haven't been used recently. Users can display the hidden items by clicking an arrow to extend the menu. -If you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect. +If you enable this setting, the system doesn't personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users don't try to change the setting while a setting is in effect. > [!NOTE] > Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting. @@ -726,14 +726,14 @@ If you enable this setting, the system does not personalize menus. All menu item This setting affects the taskbar, which is used to switch between running applications. -The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized. +The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it's locked, it can't be moved or resized. - If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties. -- If you disable this setting or do not configure it, the user can configure the taskbar position. +- If you disable this setting or don't configure it, the user can configure the taskbar position. > [!NOTE] -> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu. +> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user can't show and hide various toolbars using the taskbar context menu. @@ -790,7 +790,7 @@ The taskbar includes the Start button, list of currently running tasks, and the Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process. -All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously. +All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and can't run simultaneously. Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box. @@ -855,7 +855,7 @@ The notification area is located in the task bar, generally at the bottom of the - If you disable this setting, the system notification area will always collapse notifications. -- If you do not configure it, the user can choose if they want notifications collapsed. +- If you don't configure it, the user can choose if they want notifications collapsed. @@ -914,9 +914,9 @@ Hides pop-up text on the Start menu and in the notification area. When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object. -- If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area. +- If you enable this setting, some of this pop-up text isn't displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area. -- If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area. +- If you disable this setting or don't configure it, all pop-up text is displayed on the Start menu and in the notification area. @@ -979,7 +979,7 @@ This policy setting allows you to prevent users from changing their Start screen - If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps. -- If you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps. +- If you disable or don't configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps. @@ -1034,11 +1034,11 @@ This policy setting allows you to prevent users from changing their Start screen -This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions. +This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting doesn't prevent users from running Windows-based programs that perform these functions. - If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE. -- If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available. +- If you disable or don't configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available. > [!NOTE] > Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting. @@ -1158,12 +1158,12 @@ By default, the Programs menu contains items from the All Users profile and item Prevents users from adding the Favorites menu to the Start menu or classic Start menu. -- If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box. +- If you enable this setting, the Display Favorites item doesn't appear in the Advanced Start menu options box. -- If you disable or do not configure this setting, the Display Favorite item is available. +- If you disable or don't configure this setting, the Display Favorite item is available. > [!NOTE] -> The Favorites menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options. +> The Favorites menu doesn't appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options. > [!NOTE] > The items that appear in the Favorites menu when you install Windows are pre-configured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group. @@ -1224,18 +1224,18 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start -This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu. +This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this doesn't remove the search box from the new style Start menu. -- If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F. +- If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system doesn't respond when users press the Application key (the key with the Windows logo)+ F. > [!NOTE] > Enabling this policy setting also prevents the user from using the F3 key. -In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder. +In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system doesn't respond when the user presses Ctrl+F. Also, Search doesn't appear in the context menu when you right-click an icon representing a drive or a folder. -This policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search. +This policy setting affects the specified user interface elements only. It doesn't affect Internet Explorer and doesn't prevent the user from using other methods to search. -- If you disable or do not configure this policy setting, the Search link is available from the Start menu. +- If you disable or don't configure this policy setting, the Search link is available from the Start menu. @@ -1291,9 +1291,9 @@ This policy setting affects the specified user interface elements only. It does -- If you enable this policy the start menu will not show a link to the Games folder. +- If you enable this policy the start menu won't show a link to the Games folder. -- If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel. +- If you disable or don't configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel. @@ -1352,9 +1352,9 @@ This policy setting allows you to remove the Help command from the Start menu. - If you enable this policy setting, the Help command is removed from the Start menu. -- If you disable or do not configure this policy setting, the Help command is available from the Start menu. +- If you disable or don't configure this policy setting, the Help command is available from the Start menu. -This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help. +This policy setting only affects the Start menu. It doesn't remove the Help menu from File Explorer and doesn't prevent users from running Help. @@ -1411,13 +1411,13 @@ This policy setting only affects the Start menu. It does not remove the Help men This policy setting allows you to turn off user tracking. -- If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu. +- If you enable this policy setting, the system doesn't track the programs that the user runs, and doesn't display frequently used programs in the Start Menu. -- If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu. +- If you disable or don't configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu. Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus". -This policy setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings. +This policy setting doesn't prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings. @@ -1479,13 +1479,13 @@ This policy setting does not prevent users from pinning programs to the Start Me - If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu. -Selecting "Collapse" will not display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off. +Selecting "Collapse" won't display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off. -Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. +Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users can't turn it to On. -Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows. +Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users can't turn it to On. Select this option for compatibility with earlier versions of Windows. -- If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings. +- If you disable or don't configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings. @@ -1547,7 +1547,7 @@ Enabling this policy setting prevents the Network Connections folder from openin Network Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action. -- If you disable or do not configure this policy setting, Network Connections is available from the Start Menu. +- If you disable or don't configure this policy setting, Network Connections is available from the Start Menu. Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections). @@ -1605,11 +1605,11 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po -- If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu. +- If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users can't pin programs to the Start menu. In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. -- If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu. +- If you disable this setting or don't configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu. @@ -1668,18 +1668,18 @@ Removes the Recent Items menu from the Start menu. Removes the Documents menu fr The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents. -If you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on. +If you enable this setting, the system saves document shortcuts but doesn't display the Recent Items menu in the Start Menu, and users can't turn the menu on. If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu. -When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it. +When the setting is disabled, the Recent Items menu appears in the Start Menu, and users can't remove it. -If the setting is not configured, users can turn the Recent Items menu on and off. +If the setting isn't configured, users can turn the Recent Items menu on and off. > [!NOTE] -> This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting. +> This setting doesn't prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting. -This setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. +This setting also doesn't hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. @@ -1736,12 +1736,12 @@ This setting also does not hide document shortcuts displayed in the Open dialog This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut. -- If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found. +- If you enable this policy setting, the system doesn't conduct the final drive search. It just displays a message explaining that the file isn't found. -- If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file. +- If you disable or don't configure this policy setting, by default, when the system can't find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path isn't correct, it conducts a comprehensive search of the target drive in an attempt to find the file. > [!NOTE] -> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability. +> This policy setting only applies to target files on NTFS partitions. FAT partitions don't have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings. @@ -1800,12 +1800,12 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use This policy setting prevents the system from using NTFS tracking features to resolve a shortcut. -- If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path. +- If you enable this policy setting, the system doesn't try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path. -- If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file. +- If you disable or don't configure this policy setting, by default, when the system can't find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path isn't correct, it conducts a comprehensive search of the target drive in an attempt to find the file. > [!NOTE] -> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability. +> This policy setting only applies to target files on NTFS partitions. FAT partitions don't have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings. @@ -1884,13 +1884,13 @@ Allows you to remove the Run command from the Start menu, Internet Explorer, and Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R. -- If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar. +- If you disable or don't configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar. > [!NOTE] -> This setting affects the specified interface only. It does not prevent users from using other methods to run programs. +> This setting affects the specified interface only. It doesn't prevent users from using other methods to run programs. > [!NOTE] -> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. +> It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. @@ -1946,9 +1946,9 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy the start menu search box will not search for communications. +- If you enable this policy the start menu search box won't search for communications. -- If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel. +- If you disable or don't configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel. @@ -2004,9 +2004,9 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box. +- If you enable this policy, the "See all results" link won't be shown when the user performs a search in the start menu search box. -- If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box. +- If you disable or don't configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box. @@ -2062,9 +2062,9 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. +- If you enable this policy, a "See more results" / "Search Everywhere" link won't be shown when the user performs a search in the start menu search box. -- If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link. +- If you disable or don't configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link. @@ -2120,11 +2120,11 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy setting the Start menu search box will not search for files. +- If you enable this policy setting the Start menu search box won't search for files. -- If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. +- If you disable or don't configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. -- If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. +- If you enable this policy, a "See more results" / "Search Everywhere" link won't be shown when the user performs a search in the start menu search box. @@ -2180,9 +2180,9 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy the start menu search box will not search for internet history or favorites. +- If you enable this policy the start menu search box won't search for internet history or favorites. -- If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel. +- If you disable or don't configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel. @@ -2238,9 +2238,9 @@ Also, users with extended keyboards will no longer be able to display the Run di -- If you enable this policy setting the Start menu search box will not search for programs or Control Panel items. +- If you enable this policy setting the Start menu search box won't search for programs or Control Panel items. -- If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel. +- If you disable or don't configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel. @@ -2301,7 +2301,7 @@ This policy setting allows you to remove programs on Settings menu. However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System. -- If you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer. +- If you disable or don't configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer. Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings. @@ -2368,7 +2368,7 @@ This policy setting allows you to prevent changes to Taskbar and Start Menu Sett If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action. -- If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu. +- If you disable or don't configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu. @@ -2429,10 +2429,10 @@ This policy setting allows you to remove the Default Programs link from the Star Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. -- If you disable or do not configure this policy setting, the Default Programs link is available from the Start menu. +- If you disable or don't configure this policy setting, the Default Programs link is available from the Start menu. > [!NOTE] -> This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel. +> This policy setting doesn't prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel. @@ -2489,12 +2489,12 @@ Clicking the Default Programs link from the Start menu opens the Default Program This policy setting allows you to remove the Documents icon from the Start menu and its submenus. -- If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder. +- If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It doesn't prevent the user from using other methods to gain access to the contents of the Documents folder. > [!NOTE] > To make changes to this policy setting effective, you must log off and then log on. -- If you disable or do not configure this policy setting, he Documents icon is available from the Start menu. +- If you disable or don't configure this policy setting, he Documents icon is available from the Start menu. Also, see the "Remove Documents icon on the desktop" policy setting. @@ -2555,7 +2555,7 @@ This policy setting allows you to remove the Music icon from Start Menu. - If you enable this policy setting, the Music icon is no longer available from Start Menu. -- If you disable or do not configure this policy setting, the Music icon is available from Start Menu. +- If you disable or don't configure this policy setting, the Music icon is available from Start Menu. @@ -2614,7 +2614,7 @@ This policy setting allows you to remove the Network icon from Start Menu. - If you enable this policy setting, the Network icon is no longer available from Start Menu. -- If you disable or do not configure this policy setting, the Network icon is available from Start Menu. +- If you disable or don't configure this policy setting, the Network icon is available from Start Menu. @@ -2673,7 +2673,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu. - If you enable this policy setting, the Pictures icon is no longer available from Start Menu. -- If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu. +- If you disable or don't configure this policy setting, the Pictures icon is available from Start Menu. @@ -2730,9 +2730,9 @@ This policy setting allows you to remove the Pictures icon from Start Menu. This policy setting allows you to remove the Downloads link from the Start Menu. -- If you enable this policy setting, the Start Menu does not show a link to the Downloads folder. +- If you enable this policy setting, the Start Menu doesn't show a link to the Downloads folder. -- If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu. +- If you disable or don't configure this policy setting, the Downloads link is available from the Start Menu. @@ -2788,9 +2788,9 @@ This policy setting allows you to remove the Downloads link from the Start Menu. -- If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu. +- If you enable this policy the Start menu won't show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users can't add the homegroup link to the Start Menu. -- If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu. +- If you disable or don't configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu. @@ -2847,9 +2847,9 @@ This policy setting allows you to remove the Downloads link from the Start Menu. This policy setting allows you to remove the Recorded TV link from the Start Menu. -- If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library. +- If you enable this policy setting, the Start Menu doesn't show a link to the Recorded TV library. -- If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu. +- If you disable or don't configure this policy setting, the Recorded TV link is available from the Start Menu. @@ -2912,7 +2912,7 @@ Note that this setting hides all user-specific folders, not just those associate - If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu. -- If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu. +- If you disable this setting or don't configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu. @@ -2969,9 +2969,9 @@ Note that this setting hides all user-specific folders, not just those associate This policy setting allows you to remove the Videos link from the Start Menu. -- If you enable this policy setting, the Start Menu does not show a link to the Videos library. +- If you enable this policy setting, the Start Menu doesn't show a link to the Videos library. -- If you disable or do not configure this policy setting, the Videos link is available from the Start Menu. +- If you disable or don't configure this policy setting, the Videos link is available from the Start Menu. @@ -3034,7 +3034,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common - If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page. -- If you do not configure this setting, the default is the new style, and the user can change the view. +- If you don't configure this setting, the default is the new style, and the user can change the view. @@ -3091,9 +3091,9 @@ The classic Start menu in Windows 2000 Professional allows users to begin common Prevents the clock in the system notification area from being displayed. -- If you enable this setting, the clock will not be displayed in the system notification area. +- If you enable this setting, the clock won't be displayed in the system notification area. -- If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur. +- If you disable or don't configure this setting, the default behavior of the clock appearing in the notification area will occur. @@ -3154,7 +3154,7 @@ Taskbar grouping consolidates similar applications when there is no room on the - If you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled. -- If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose. +- If you disable or don't configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose. @@ -3213,9 +3213,9 @@ This setting affects the taskbar. The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application. -- If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. +- If this setting is enabled, the taskbar doesn't display any custom toolbars, and the user can't add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. -- If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu. +- If this setting is disabled or isn't configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu. @@ -3278,9 +3278,9 @@ This policy setting allows you to remove access to the context menus for the tas - If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons. -- If you disable or do not configure this policy setting, the context menus for the taskbar are available. +- If you disable or don't configure this policy setting, the context menus for the taskbar are available. -This policy setting does not prevent users from using other methods to issue the commands that appear on these menus. +This policy setting doesn't prevent users from using other methods to issue the commands that appear on these menus. @@ -3341,7 +3341,7 @@ Description: The notification area is located at the far right end of the task b - If this setting is enabled, the user's entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock. -- If this setting is disabled or is not configured, the notification area is shown in the user's taskbar. +- If this setting is disabled or isn't configured, the notification area is shown in the user's taskbar. > [!NOTE] > Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons. @@ -3404,9 +3404,9 @@ Description: The notification area is located at the far right end of the task b -- If you enable this setting, users cannot uninstall apps from Start. +- If you enable this setting, users can't uninstall apps from Start. -- If you disable this setting or do not configure it, users can access the uninstall command from Start. +- If you disable this setting or don't configure it, users can access the uninstall command from Start. @@ -3462,9 +3462,9 @@ Description: The notification area is located at the far right end of the task b -- If you enable this policy the start menu will not show a link to the user's storage folder. +- If you enable this policy the start menu won't show a link to the user's storage folder. -- If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel. +- If you disable or don't configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel. @@ -3525,7 +3525,7 @@ This policy setting allows you to remove the user name label from the Start Menu To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting. -- If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003. +- If you disable or don't configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003. @@ -3588,7 +3588,7 @@ Enabling this policy setting blocks user access to the Windows Update Web site a Windows Update, the online extension of Windows, offers software updates to keep a user's system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download. -- If you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer. +- If you disable or don't configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer. Also, see the "Hide the "Add programs from Microsoft" option" policy setting. @@ -3649,9 +3649,9 @@ Set the default action of the power button on the Start menu. - If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action. -If you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down. +If you set the button to either Sleep or Hibernate, and that state isn't supported on a computer, then the button will fall back to Shut Down. -- If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action. +- If you disable or don't configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action. @@ -3707,11 +3707,11 @@ If you set the button to either Sleep or Hibernate, and that state is not suppor This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar. -- If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off. +- If you enable this policy setting, the QuickLaunch bar will be visible and can't be turned off. -- If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on. +- If you disable this policy setting, the QuickLaunch bar will be hidden and can't be turned on. -- If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off. +- If you don't configure this policy setting, then users will be able to turn the QuickLaunch bar on and off. @@ -3767,9 +3767,9 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas -- If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked. +- If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC can't be undocked. -- If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked. +- If you disable this setting or don't configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked. @@ -3887,10 +3887,10 @@ This policy setting shows or hides the "Run as different user" command on the St - If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality. -- If you disable this setting or do not configure it, users cannot access the "Run as different user" command from Start for any applications. +- If you disable this setting or don't configure it, users can't access the "Run as different user" command from Start for any applications. > [!NOTE] -> This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command. +> This setting doesn't prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command. @@ -3947,7 +3947,7 @@ This policy setting shows or hides the "Run as different user" command on the St - If you enable this setting, the Run command is added to the Start menu. -- If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect. +- If you disable or don't configure this setting, the Run command isn't visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect. @@ -4063,11 +4063,11 @@ This policy setting allows the Start screen to appear on the display the user is This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it. -- If you enable this policy setting, the Log Off `` item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off `` item to the Start Menu. +- If you enable this policy setting, the Log Off `` item doesn't appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users can't restore the Log Off `` item to the Start Menu. -- If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. +- If you disable or don't configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. -This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off. +This policy setting affects the Start menu only. It doesn't affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it doesn't prevent users from using other methods to log off. > [!TIP] > To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff. @@ -4131,7 +4131,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te -This policy setting allows pinning apps to Start by default, when they are included by AppID on the list. +This policy setting allows pinning apps to Start by default, when they're included by AppID on the list. diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 6c5d9c2f06..1c5b268e45 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -47,7 +47,7 @@ System Restore enables users, in the event of a problem, to restore their comput - If you enable this policy setting, the option to configure System Restore through System Protection is disabled. -- If you disable or do not configure this policy setting, users can change the System Restore settings through System Protection. +- If you disable or don't configure this policy setting, users can change the System Restore settings through System Protection. Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten. diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md index 9c41ea1db3..730f255949 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md @@ -43,11 +43,11 @@ Turns off the integration of application auto complete lists with Tablet PC Inpu Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, application auto complete lists will never appear next to Input Panel. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options. +- If you don't configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options. @@ -106,11 +106,11 @@ Turns off the integration of application auto complete lists with Tablet PC Inpu Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, application auto complete lists will never appear next to Input Panel. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options. +- If you don't configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options. @@ -169,11 +169,11 @@ Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel tab won't appear on the edge of the Tablet PC screen. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options. > [!CAUTION] > If you enable both the "Prevent Input Panel from appearing next to text entry areas" policy and the "Prevent Input Panel tab from appearing" policy, and disable the "Show Input Panel taskbar icon" policy, the user will then have no way to access Input Panel. @@ -235,11 +235,11 @@ Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel tab won't appear on the edge of the Tablet PC screen. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options. > [!CAUTION] > If you enable both the "Prevent Input Panel from appearing next to text entry areas" policy and the "Prevent Input Panel tab from appearing" policy, and disable the "Show Input Panel taskbar icon" policy, the user will then have no way to access Input Panel. @@ -301,11 +301,11 @@ Prevents the Tablet PC Input Panel icon from appearing next to any text entry ar Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. > [!CAUTION] > If you enable both the "Prevent Input Panel from appearing next to text entry areas" policy and the "Prevent Input Panel tab from appearing" policy, and disable the "Show Input Panel taskbar icon" policy, the user will then have no way to access Input Panel. @@ -367,11 +367,11 @@ Prevents the Tablet PC Input Panel icon from appearing next to any text entry ar Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. > [!CAUTION] > If you enable both the "Prevent Input Panel from appearing next to text entry areas" policy and the "Prevent Input Panel tab from appearing" policy, and disable the "Show Input Panel taskbar icon" policy, the user will then have no way to access Input Panel. @@ -433,11 +433,11 @@ Prevents the Tablet PC Input Panel icon from appearing next to any text entry ar Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. @@ -496,11 +496,11 @@ Prevents the Tablet PC Input Panel icon from appearing next to any text entry ar Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. +- If you don't configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options. @@ -559,19 +559,19 @@ Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. +- If you don't configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. > [!CAUTION] > If you lower password security settings, people who can see the user's screen might be able to see their passwords. @@ -633,19 +633,19 @@ Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. +- If you don't configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. > [!CAUTION] > If you lower password security settings, people who can see the user's screen might be able to see their passwords. @@ -707,11 +707,11 @@ Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel won't provide text prediction suggestions. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will provide text prediction suggestions. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista. +- If you don't configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista. @@ -770,11 +770,11 @@ Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, Input Panel won't provide text prediction suggestions. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, Input Panel will provide text prediction suggestions. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista. +- If you don't configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista. @@ -833,11 +833,11 @@ Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is co Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, rarely used Chinese, Kanji, and Hanja characters won't be included in recognition results when handwriting is converted to typed text. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista). +- If you don't configure this policy, rarely used Chinese, Kanji, and Hanja characters won't be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista). @@ -896,11 +896,11 @@ Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is co Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, rarely used Chinese, Kanji, and Hanja characters won't be included in recognition results when handwriting is converted to typed text. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista). +- If you don't configure this policy, rarely used Chinese, Kanji, and Hanja characters won't be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista). @@ -961,15 +961,15 @@ The tolerant gestures let users scratch out ink in Input Panel by using striketh Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "All" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "All" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "None," users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "None," users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options. +- If you don't configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options. @@ -1030,15 +1030,15 @@ The tolerant gestures let users scratch out ink in Input Panel by using striketh Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "All" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "All" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "None," users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "None," users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options. +- If you don't configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options. diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index 29755a3ef7..d54533ae26 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -41,11 +41,11 @@ ms.topic: reference Prevents start of InkBall game. -- If you enable this policy, the InkBall game will not run. +- If you enable this policy, the InkBall game won't run. - If you disable this policy, the InkBall game will run. -- If you do not configure this policy, the InkBall game will run. +- If you don't configure this policy, the InkBall game will run. @@ -102,11 +102,11 @@ Prevents start of InkBall game. Prevents start of InkBall game. -- If you enable this policy, the InkBall game will not run. +- If you enable this policy, the InkBall game won't run. - If you disable this policy, the InkBall game will run. -- If you do not configure this policy, the InkBall game will run. +- If you don't configure this policy, the InkBall game will run. @@ -163,11 +163,11 @@ Prevents start of InkBall game. Prevents start of Windows Journal. -- If you enable this policy, the Windows Journal accessory will not run. +- If you enable this policy, the Windows Journal accessory won't run. - If you disable this policy, the Windows Journal accessory will run. -- If you do not configure this policy, the Windows Journal accessory will run. +- If you don't configure this policy, the Windows Journal accessory will run. @@ -224,11 +224,11 @@ Prevents start of Windows Journal. Prevents start of Windows Journal. -- If you enable this policy, the Windows Journal accessory will not run. +- If you enable this policy, the Windows Journal accessory won't run. - If you disable this policy, the Windows Journal accessory will run. -- If you do not configure this policy, the Windows Journal accessory will run. +- If you don't configure this policy, the Windows Journal accessory will run. @@ -285,11 +285,11 @@ Prevents start of Windows Journal. Prevents printing to Journal Note Writer. -- If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. +- If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. - If you disable this policy, you will be able to use this feature to print to a Journal Note. -- If you do not configure this policy, users will be able to use this feature to print to a Journal Note. +- If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -346,11 +346,11 @@ Prevents printing to Journal Note Writer. Prevents printing to Journal Note Writer. -- If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. +- If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. - If you disable this policy, you will be able to use this feature to print to a Journal Note. -- If you do not configure this policy, users will be able to use this feature to print to a Journal Note. +- If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -407,11 +407,11 @@ Prevents printing to Journal Note Writer. Prevents the snipping tool from running. -- If you enable this policy setting, the Snipping Tool will not run. +- If you enable this policy setting, the Snipping Tool won't run. - If you disable this policy setting, the Snipping Tool will run. -- If you do not configure this policy setting, the Snipping Tool will run. +- If you don't configure this policy setting, the Snipping Tool will run. @@ -468,11 +468,11 @@ Prevents the snipping tool from running. Prevents the snipping tool from running. -- If you enable this policy setting, the Snipping Tool will not run. +- If you enable this policy setting, the Snipping Tool won't run. - If you disable this policy setting, the Snipping Tool will run. -- If you do not configure this policy setting, the Snipping Tool will run. +- If you don't configure this policy setting, the Snipping Tool will run. @@ -529,11 +529,11 @@ Prevents the snipping tool from running. Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior. -- If you enable this policy, a button assigned to Back will not map to ESC. +- If you enable this policy, a button assigned to Back won't map to ESC. - If you disable this policy, Back->ESC mapping will occur. -- If you do not configure this policy, Back->ESC mapping will occur. +- If you don't configure this policy, Back->ESC mapping will occur. @@ -590,11 +590,11 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior. -- If you enable this policy, a button assigned to Back will not map to ESC. +- If you enable this policy, a button assigned to Back won't map to ESC. - If you disable this policy, Back->ESC mapping will occur. -- If you do not configure this policy, Back->ESC mapping will occur. +- If you don't configure this policy, Back->ESC mapping will occur. @@ -653,7 +653,7 @@ Makes pen flicks and all related features unavailable. - If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon. -- If you disable or do not configure this policy, pen flicks and related features are available. +- If you disable or don't configure this policy, pen flicks and related features are available. @@ -712,7 +712,7 @@ Makes pen flicks and all related features unavailable. - If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon. -- If you disable or do not configure this policy, pen flicks and related features are available. +- If you disable or don't configure this policy, pen flicks and related features are available. @@ -769,9 +769,9 @@ Makes pen flicks and all related features unavailable. Makes pen flicks learning mode unavailable. -- If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy. +- If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but can't be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy. -- If you disable or do not configure this policy, all the features described above will be available. +- If you disable or don't configure this policy, all the features described above will be available. @@ -828,9 +828,9 @@ Makes pen flicks learning mode unavailable. Makes pen flicks learning mode unavailable. -- If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy. +- If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but can't be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy. -- If you disable or do not configure this policy, all the features described above will be available. +- If you disable or don't configure this policy, all the features described above will be available. @@ -887,11 +887,11 @@ Makes pen flicks learning mode unavailable. Prevents the user from launching an application from a Tablet PC hardware button. -- If you enable this policy, applications cannot be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab). +- If you enable this policy, applications can't be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab). - If you disable this policy, applications can be launched from a hardware button. -- If you do not configure this policy, applications can be launched from a hardware button. +- If you don't configure this policy, applications can be launched from a hardware button. @@ -948,11 +948,11 @@ Prevents the user from launching an application from a Tablet PC hardware button Prevents the user from launching an application from a Tablet PC hardware button. -- If you enable this policy, applications cannot be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab). +- If you enable this policy, applications can't be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab). - If you disable this policy, applications can be launched from a hardware button. -- If you do not configure this policy, applications can be launched from a hardware button. +- If you don't configure this policy, applications can be launched from a hardware button. @@ -1013,7 +1013,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is - If you disable this policy, press and hold actions for buttons will be available. -- If you do not configure this policy, press and hold actions will be available. +- If you don't configure this policy, press and hold actions will be available. @@ -1074,7 +1074,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is - If you disable this policy, press and hold actions for buttons will be available. -- If you do not configure this policy, press and hold actions will be available. +- If you don't configure this policy, press and hold actions will be available. @@ -1135,7 +1135,7 @@ Turns off Tablet PC hardware buttons. - If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed. -- If you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed. +- If you don't configure this policy, user and OEM defined button actions will occur when the buttons are pressed. @@ -1196,7 +1196,7 @@ Turns off Tablet PC hardware buttons. - If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed. -- If you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed. +- If you don't configure this policy, user and OEM defined button actions will occur when the buttons are pressed. @@ -1255,7 +1255,7 @@ Disables visual pen action feedback, except for press and hold feedback. - If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors. -- If you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel. +- If you disable or don't configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel. @@ -1314,7 +1314,7 @@ Disables visual pen action feedback, except for press and hold feedback. - If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors. -- If you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel. +- If you disable or don't configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel. diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index c8c237d4ee..0bb76d65e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -47,9 +47,9 @@ This policy setting removes Notifications and Action Center from the notificatio The notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock. -- If this setting is enabled, Notifications and Action Center is not displayed in the notification area. The user will be able to read notifications when they appear, but they won't be able to review any notifications they miss. +- If this setting is enabled, Notifications and Action Center isn't displayed in the notification area. The user will be able to read notifications when they appear, but they won't be able to review any notifications they miss. -- If you disable or do not configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar. +- If you disable or don't configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar. A reboot is required for this policy setting to take effect. @@ -171,9 +171,9 @@ A reboot is required for this policy setting to take effect. This policy setting allows you to remove Security and Maintenance from the system control area. -- If you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area. +- If you enable this policy setting, the Security and Maintenance icon isn't displayed in the system notification area. -- If you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area. +- If you disable or don't configure this policy setting, the Security and Maintenance icon is displayed in the system notification area. @@ -230,9 +230,9 @@ This policy setting allows you to remove Security and Maintenance from the syste This policy setting allows you to remove the networking icon from the system control area. -- If you enable this policy setting, the networking icon is not displayed in the system notification area. +- If you enable this policy setting, the networking icon isn't displayed in the system notification area. -- If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area. +- If you disable or don't configure this policy setting, the networking icon is displayed in the system notification area. @@ -289,9 +289,9 @@ This policy setting allows you to remove the networking icon from the system con This policy setting allows you to remove the battery meter from the system control area. -- If you enable this policy setting, the battery meter is not displayed in the system notification area. +- If you enable this policy setting, the battery meter isn't displayed in the system notification area. -- If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area. +- If you disable or don't configure this policy setting, the battery meter is displayed in the system notification area. @@ -348,9 +348,9 @@ This policy setting allows you to remove the battery meter from the system contr This policy setting allows you to remove the volume control icon from the system control area. -- If you enable this policy setting, the volume control icon is not displayed in the system notification area. +- If you enable this policy setting, the volume control icon isn't displayed in the system notification area. -- If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area. +- If you disable or don't configure this policy setting, the volume control icon is displayed in the system notification area. @@ -407,9 +407,9 @@ This policy setting allows you to remove the volume control icon from the system This policy setting allows you to turn off feature advertisement balloon notifications. -If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown. +If you enable this policy setting, certain notification balloons that are marked as feature advertisements aren't shown. -If you disable do not configure this policy setting, feature advertisement balloons are shown. +If you disable don't configure this policy setting, feature advertisement balloons are shown. @@ -466,9 +466,9 @@ If you disable do not configure this policy setting, feature advertisement ballo This policy setting allows you to control pinning the Store app to the Taskbar. -- If you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login. +- If you enable this policy setting, users can't pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login. -- If you disable or do not configure this policy setting, users can pin the Store app to the Taskbar. +- If you disable or don't configure this policy setting, users can pin the Store app to the Taskbar. @@ -525,9 +525,9 @@ This policy setting allows you to control pinning the Store app to the Taskbar. This policy setting allows you to control pinning items in Jump Lists. -- If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show. +- If you enable this policy setting, users can't pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also can't unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show. -- If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu. +- If you disable or don't configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu. @@ -584,9 +584,9 @@ This policy setting allows you to control pinning items in Jump Lists. This policy setting allows you to control pinning programs to the Taskbar. -- If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. +- If you enable this policy setting, users can't change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users can't unpin these programs already pinned to the Taskbar, and they can't pin new programs to the Taskbar. -- If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. +- If you disable or don't configure this policy setting, users can change the programs currently pinned to the Taskbar. @@ -645,12 +645,12 @@ This policy setting allows you to control displaying or tracking items in Jump L The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks. -- If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections. +- If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers aren't tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections. -- If you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer. +- If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer. > [!NOTE] -> This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting. +> This setting doesn't prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting. @@ -707,9 +707,9 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu This policy setting allows you to turn off automatic promotion of notification icons to the taskbar. -- If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel. +- If you enable this policy setting, newly added notification icons aren't temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel. -- If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar. +- If you disable or don't configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar. @@ -827,9 +827,9 @@ This policy setting allows users to see Windows Store apps on the taskbar. This policy setting allows you to lock all taskbar settings. -- If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar. +- If you enable this policy setting, the user can't access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar. -- If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting. +- If you disable or don't configure this policy setting, the user will be able to set any taskbar setting that isn't prevented by another policy setting. @@ -886,9 +886,9 @@ This policy setting allows you to lock all taskbar settings. This policy setting allows you to prevent users from adding or removing toolbars. -- If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either. +- If you enable this policy setting, the user isn't allowed to add or remove any toolbars to the taskbar. Applications aren't able to add toolbars either. -- If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar. +- If you disable or don't configure this policy setting, the users and applications are able to add toolbars to the taskbar. @@ -945,9 +945,9 @@ This policy setting allows you to prevent users from adding or removing toolbars This policy setting allows you to prevent users from rearranging toolbars. -- If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar. +- If you enable this policy setting, users aren't able to drag or drop toolbars to the taskbar. -- If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar. +- If you disable or don't configure this policy setting, users are able to rearrange the toolbars on the taskbar. @@ -1004,9 +1004,9 @@ This policy setting allows you to prevent users from rearranging toolbars. This policy setting allows you to prevent taskbars from being displayed on more than one monitor. -- If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog. +- If you enable this policy setting, users aren't able to show taskbars on more than one display. The multiple display section isn't enabled in the taskbar properties dialog. -- If you disable or do not configure this policy setting, users can show taskbars on more than one display. +- If you disable or don't configure this policy setting, users can show taskbars on more than one display. @@ -1065,7 +1065,7 @@ This policy setting allows you to turn off all notification balloons. - If you enable this policy setting, no notification balloons are shown to the user. -- If you disable or do not configure this policy setting, notification balloons are shown to the user. +- If you disable or don't configure this policy setting, notification balloons are shown to the user. @@ -1126,9 +1126,9 @@ This policy setting allows you to turn off all notification balloons. This policy setting allows you to remove pinned programs from the taskbar. -- If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar. +- If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users can't pin programs to the Taskbar. -- If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar. +- If you disable or don't configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar. @@ -1185,9 +1185,9 @@ This policy setting allows you to remove pinned programs from the taskbar. This policy setting allows you to prevent users from moving taskbar to another screen dock location. -- If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s). +- If you enable this policy setting, users aren't able to drag their taskbar to another area of the monitor(s). -- If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting. +- If you disable or don't configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting. @@ -1244,9 +1244,9 @@ This policy setting allows you to prevent users from moving taskbar to another s This policy setting allows you to prevent users from resizing the taskbar. -- If you enable this policy setting, users are not be able to resize their taskbar. +- If you enable this policy setting, users aren't be able to resize their taskbar. -- If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting. +- If you disable or don't configure this policy setting, users are able to resize their taskbar unless prevented by another setting. @@ -1303,9 +1303,9 @@ This policy setting allows you to prevent users from resizing the taskbar. This policy setting allows you to turn off taskbar thumbnails. -- If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips. +- If you enable this policy setting, the taskbar thumbnails aren't displayed and the system uses standard text for the tooltips. -- If you disable or do not configure this policy setting, the taskbar thumbnails are displayed. +- If you disable or don't configure this policy setting, the taskbar thumbnails are displayed. diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 947e1cf373..e4a26b95e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -39,11 +39,11 @@ ms.topic: reference -This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host. +This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity isn't available on the host. - If you enable this policy setting, you can specify a relay name for a 6to4 host. -- If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host. +- If you disable or don't configure this policy setting, the local host setting is used, and you can't specify a relay name for a 6to4 host. @@ -97,11 +97,11 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6 -This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host. +This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity isn't available on the host. - If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically. -- If you disable or do not configure this policy setting, the local host setting is used. +- If you disable or don't configure this policy setting, the local host setting is used. @@ -155,17 +155,17 @@ This policy setting allows you to specify the interval at which the relay name i -This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. +This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that's used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. -- If you disable or do not configure this policy setting, the local host setting is used. +- If you disable or don't configure this policy setting, the local host setting is used. - If you enable this policy setting, you can configure 6to4 with one of the following settings: -Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available. +Policy Default State: 6to4 is turned off and connectivity with 6to4 won't be available. -Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. +Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host won't have a 6to4 interface. -Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available. +Policy Disabled State: 6to4 is turned off and connectivity with 6to4 won't be available. @@ -221,9 +221,9 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be This policy setting allows you to configure IP Stateless Autoconfiguration Limits. -- If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes. +- If you enable or don't configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes. -- If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes. +- If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system won't limit the number of autoconfigured addresses and routes. @@ -280,7 +280,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. -- If you disable or do not configure this policy setting, the local host settings are used. +- If you disable or don't configure this policy setting, the local host settings are used. - If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings: @@ -344,9 +344,9 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. -- If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required. +- If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services aren't required. -- If you disable or do not configure this policy setting, the local host setting is used. +- If you disable or don't configure this policy setting, the local host setting is used. @@ -400,15 +400,15 @@ This policy setting allows you to specify a router name or Internet Protocol ver -This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. +This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that's used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. -- If you disable or do not configure this policy setting, the local host setting is used. +- If you disable or don't configure this policy setting, the local host setting is used. - If you enable this policy setting, you can configure ISATAP with one of the following settings: Policy Default State: No ISATAP interfaces are present on the host. -Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address. +Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name isn't resolved successfully, the host will have an ISATAP interface configured with a link-local address. Policy Disabled State: No ISATAP interfaces are present on the host. @@ -464,11 +464,11 @@ Policy Disabled State: No ISATAP interfaces are present on the host. -This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize. +This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that's already in use by a system, the Teredo client will fail to initialize. - If you enable this policy setting, you can customize a UDP port for the Teredo client. -- If you disable or do not configure this policy setting, the local host setting is used. +- If you disable or don't configure this policy setting, the local host setting is used. @@ -524,7 +524,7 @@ This policy setting allows you to select the UDP port the Teredo client will use This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state. -If you disable or do not configure this policy setting, the local host setting is used. +If you disable or don't configure this policy setting, the local host setting is used. This policy setting contains only one state: @@ -589,7 +589,7 @@ This policy setting allows you to configure the Teredo refresh rate. - If you enable this policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent. -- If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds. +- If you disable or don't configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds. @@ -647,7 +647,7 @@ This policy setting allows you to specify the name of the Teredo server. This se - If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client. -- If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name. +- If you disable or don't configure this policy setting, the local settings on the computer are used to determine the Teredo server name. @@ -703,7 +703,7 @@ This policy setting allows you to specify the name of the Teredo server. This se This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. -- If you disable or do not configure this policy setting, the local host settings are used. +- If you disable or don't configure this policy setting, the local host settings are used. - If you enable this policy setting, you can configure Teredo with one of the following settings: @@ -711,7 +711,7 @@ Default: The default state is "Client." Disabled: No Teredo interfaces are present on the host. -Client: The Teredo interface is present only when the host is not on a network that includes a domain controller. +Client: The Teredo interface is present only when the host isn't on a network that includes a domain controller. Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller. @@ -769,11 +769,11 @@ Enterprise Client: The Teredo interface is always present, even if the host is o This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly. -- If you do not configure this policy setting, the local host settings are used. +- If you don't configure this policy setting, the local host settings are used. - If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures. -- If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems casued by Firewalls or other middle boxes. +- If you disable this policy setting, Window Scaling Heuristics will be disabled and system won't try to identify connectivity and throughput problems casued by Firewalls or other middle boxes. diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index a0d71af144..b62a8729ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -45,7 +45,7 @@ If the status is set to Enabled, automatic reconnection is attempted for all cli If the status is set to Disabled, automatic reconnection of clients is prohibited. -If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. +If the status is set to Not Configured, automatic reconnection isn't specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. @@ -104,9 +104,9 @@ This policy setting lets you control the redirection of video capture devices to By default, Remote Desktop Services allows redirection of video capture devices. -- If you enable this policy setting, users cannot redirect their video capture devices to the remote computer. +- If you enable this policy setting, users can't redirect their video capture devices to the remote computer. -- If you disable or do not configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer. +- If you disable or don't configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer. @@ -165,11 +165,11 @@ This policy setting allows you to specify the name of the certificate template t A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. -- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. +- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. -- If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. +- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. > [!NOTE] > If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. @@ -228,9 +228,9 @@ If no certificate can be found that was created with the specified certificate t This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). -- If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. +- If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. -- If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. +- If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. > [!NOTE] > You can define this policy setting in the Computer Configuration node or in the User Configuration node. @@ -289,11 +289,11 @@ This policy setting allows you to specify whether users can run Remote Desktop P -This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that's issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). -- If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. +- If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. -- If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. +- If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. > [!NOTE] > You can define this policy setting in the Computer Configuration node or in the User Configuration node. @@ -354,9 +354,9 @@ This policy setting allows you to specify whether users can run Remote Desktop P This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. -- If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. +- If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. -- If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. +- If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. @@ -413,9 +413,9 @@ This policy setting allows you to specify whether users can run unsigned Remote This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. -- If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. +- If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. -- If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. +- If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. @@ -473,13 +473,13 @@ This policy setting allows you to specify whether users can run unsigned Remote This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. -By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. +By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. - If you enable this policy setting, audio and video playback redirection is allowed. -- If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. +- If you disable this policy setting, audio and video playback redirection isn't allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. -- If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level. +- If you don't configure this policy setting audio and video playback redirection isn't specified at the Group Policy level. @@ -537,13 +537,13 @@ By default, audio and video playback redirection is not allowed when connecting This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone. -By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. +By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. - If you enable this policy setting, audio recording redirection is allowed. -- If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC. +- If you disable this policy setting, audio recording redirection isn't allowed, even if audio recording redirection is specified in RDC. -- If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level. +- If you don't configure this policy setting, Audio recording redirection isn't specified at the Group Policy level. @@ -600,13 +600,13 @@ By default, audio recording redirection is not allowed when connecting to a comp This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. -- If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. +- If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that's being used. If you select Dynamic, the audio will be sent with a level of compression that's determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. -- If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic. +- If you disable or don't configure this policy setting, audio playback quality will be set to Dynamic. @@ -664,11 +664,11 @@ This policy setting specifies whether to prevent the sharing of Clipboard conten You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. -- If you enable this policy setting, users cannot redirect Clipboard data. +- If you enable this policy setting, users can't redirect Clipboard data. - If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. -- If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. +- If you don't configure this policy setting, Clipboard redirection isn't specified at the Group Policy level. @@ -725,13 +725,13 @@ You can use this setting to prevent users from redirecting Clipboard data to and This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. -You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. +You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged-on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. -- If you enable this policy setting, users cannot redirect server data to the local COM port. +- If you enable this policy setting, users can't redirect server data to the local COM port. - If you disable this policy setting, Remote Desktop Services always allows COM port redirection. -- If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. +- If you don't configure this policy setting, COM port redirection isn't specified at the Group Policy level. @@ -794,7 +794,7 @@ By default, Remote Desktop Services automatically designates the client default - If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. -- If you do not configure this policy setting, the default printer is not specified at the Group Policy level. +- If you don't configure this policy setting, the default printer isn't specified at the Group Policy level. @@ -967,11 +967,11 @@ This policy setting specifies whether to prevent the redirection of data to clie You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. -- If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port. +- If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port. - If you disable this policy setting, LPT port redirection is always allowed. -- If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level. +- If you don't configure this policy setting, LPT port redirection isn't specified at the Group Policy level. @@ -1028,12 +1028,12 @@ You can use this setting to prevent users from mapping local LPT ports and redir This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. -By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices. +By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices. - If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. -- If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer. -- If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions. +- If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. +- If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions. > [!NOTE] > You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings. @@ -1095,11 +1095,11 @@ This policy setting allows you to specify whether to prevent the mapping of clie You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. -- If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. +- If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. - If you disable this policy setting, users can redirect print jobs with client printer mapping. -- If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level. +- If you don't configure this policy setting, client printer mapping isn't specified at the Group Policy level. @@ -1156,9 +1156,9 @@ You can use this policy setting to prevent users from redirecting print jobs fro This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. -- If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. +- If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that's signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. -- If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. +- If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. Note: @@ -1167,7 +1167,7 @@ You can define this policy setting in the Computer Configuration node or in the This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. -If the list contains a string that is not a certificate thumbprint, it is ignored. +If the list contains a string that isn't a certificate thumbprint, it's ignored. @@ -1223,9 +1223,9 @@ If the list contains a string that is not a certificate thumbprint, it is ignore This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. -- If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. +- If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that's signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. -- If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. +- If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. Note: @@ -1234,7 +1234,7 @@ You can define this policy setting in the Computer Configuration node or in the This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. -If the list contains a string that is not a certificate thumbprint, it is ignored. +If the list contains a string that isn't a certificate thumbprint, it's ignored. @@ -1292,7 +1292,7 @@ This policy setting specifies whether the UDP protocol will be used to access se - If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. -- If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. +- If you disable or don't configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. @@ -1353,19 +1353,19 @@ You can use this policy setting to set a limit on the color depth of any connect - If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. -- If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level. Note: 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. -2. The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. +2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. 3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: a. Value specified by this policy setting b. Maximum color depth supported by the client c. Value requested by the client -If the client does not support at least 16 bits, the connection is terminated. +If the client doesn't support at least 16 bits, the connection is terminated. @@ -1426,7 +1426,7 @@ This policy setting allows you to limit the size of the entire roaming user prof - If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. -- If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. +- If you disable or don't configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. > [!NOTE] > This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled. @@ -1486,7 +1486,7 @@ This policy setting allows you to limit the size of the entire roaming user prof Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. -You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions. +You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions. If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. @@ -1553,10 +1553,10 @@ This policy setting enables system administrators to change the graphics renderi - If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. -- If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. +- If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. > [!NOTE] -> The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session is not affected by this policy setting. +> The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session isn't affected by this policy setting. @@ -1613,9 +1613,9 @@ This policy setting enables system administrators to change the graphics renderi This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. -- If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. +- If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. -- If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. +- If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. > [!NOTE] > If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. @@ -1675,9 +1675,9 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. -- If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. +- If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. -- If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. +- If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. > [!NOTE] > If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. @@ -1745,7 +1745,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi - If you disable this policy setting, RemoteFX will be disabled. -- If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. +- If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. @@ -1802,21 +1802,21 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. -By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. +By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. -- If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: +- If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are: -"Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior. +"Do nothing if one isn't found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This is the default behavior. -"Default to PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. +"Default to PCL if one isn't found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. -"Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. +"Default to PS if one isn't found" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. -"Show both PCL and PS if one is not found" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. +"Show both PCL and PS if one isn't found" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. -- If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver. +- If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. -- If you do not configure this policy setting, the fallback printer driver behavior is off by default. +- If you don't configure this policy setting, the fallback printer driver behavior is off by default. > [!NOTE] > If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback printer driver is disabled. @@ -1874,13 +1874,13 @@ By default, the RD Session Host server fallback printer driver is disabled. If t -This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console. +This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged-on to the console. -This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost. +This policy is useful when the currently connected administrator doesn't want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost. -- If you enable this policy setting, logging off the connected administrator is not allowed. +- If you enable this policy setting, logging off the connected administrator isn't allowed. -- If you disable or do not configure this policy setting, logging off the connected administrator is allowed. +- If you disable or don't configure this policy setting, logging off the connected administrator is allowed. > [!NOTE] > The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line. @@ -1938,11 +1938,11 @@ This policy is useful when the currently connected administrator does not want t -Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. +Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. -To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. -If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication. +If you disable or don't configure this policy setting, the authentication method that's specified by the user is used, if one is specified. If an authentication method isn't specified, the Negotiate protocol that's enabled on the client or a smart card can be used for authentication. @@ -1997,16 +1997,16 @@ If you disable or do not configure this policy setting, the authentication metho -- If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. +- If you enable this policy setting, when Remote Desktop Connection can't connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that's specified in the "Set RD Gateway server address" policy setting. -You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. +You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. > [!NOTE] -> To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. +> To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. To enhance security, it's also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you don't specify an authentication method by using this policy setting, either the NTLM protocol that's enabled on the client or a smart card can be used. -To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify a connection method, the connection method that you specify in this policy setting is used by default. -- If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. +- If you disable or don't configure this policy setting, clients won't use the RD Gateway server address that's specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. @@ -2061,15 +2061,15 @@ To allow users to overwrite this policy setting, select the "Allow users to chan -Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. +Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. > [!NOTE] -> It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. +> It's highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that's enabled on the client or a smart card can be used. -To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. +To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. > [!NOTE] -> If you disable or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. +> If you disable or don't configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. @@ -2125,11 +2125,11 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. -If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. +If the policy setting is enabled, the RD Session Host server joins the farm that's specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that's specified in the Configure RD Connection Broker server name policy setting. -- If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. +- If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. -If the policy setting is not configured, the policy setting is not specified at the Group Policy level. +If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level. Note: @@ -2198,7 +2198,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos - If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. -- If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state. +- If you disable or don't configure this policy setting, a keep-alive interval isn't set and the server won't check the session state. @@ -2261,7 +2261,7 @@ You can use this policy setting to control which RD Session Host servers are iss By default, the RDS Endpoint Servers group is empty. -- If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting. +- If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting. > [!NOTE] > You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain. @@ -2321,13 +2321,13 @@ By default, the RDS Endpoint Servers group is empty. This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. -- If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: +- If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: 1. Remote Desktop license servers that are published in Active Directory Domain Services. 2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. -- If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level. +- If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level. @@ -2385,9 +2385,9 @@ This policy setting determines whether notifications are displayed on an RD Sess By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. -- If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. +- If you enable this policy setting, these notifications won't be displayed on the RD Session Host server. -- If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator. +- If you disable or don't configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator. @@ -2441,7 +2441,7 @@ By default, notifications are displayed on an RD Session Host server after you l -This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. +This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that's required to connect to this RD Session Host server. You can use this policy setting to select one of two licensing modes: Per User or Per Device. @@ -2451,7 +2451,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio - If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. -- If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level. @@ -2513,7 +2513,7 @@ To use this setting, enter the number of connections you want to specify as the If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. -If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. +If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level. > [!NOTE] > This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed). @@ -2574,7 +2574,7 @@ This policy setting allows you to specify the maximum display resolution that ca - If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. -- If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. +- If you disable or don't configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. @@ -2632,7 +2632,7 @@ This policy setting allows you to limit the number of monitors that a user can u - If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. -- If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session isn't specified at the Group Policy level. @@ -2690,12 +2690,12 @@ This policy setting allows you to remove the "Disconnect" option from the Shut D You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. -- If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. +- If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box. -- If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box. +- If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box. > [!NOTE] -> This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions" policy setting. +> This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also doesn't prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions" policy setting. @@ -2752,7 +2752,7 @@ You can use this policy setting to prevent users from using this familiar method Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. -If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. +If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu. @@ -2813,14 +2813,14 @@ This policy setting allows you to specify which version of Remote Desktop Servic A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. -By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: +By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: * A client connecting to a Windows Server 2003 terminal server * A client connecting to a Windows 2000 terminal server -- If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. +- If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired. -- If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier. +- If you disable or don't configure this policy setting, the license server will exhibit the default behavior noted earlier. @@ -2877,12 +2877,12 @@ By default, if the most appropriate RDS CAL is not available for a connection, a This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. -- If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials. +- If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials. > [!NOTE] > If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. -- If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. +- If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. @@ -2941,9 +2941,9 @@ This policy setting specifies the default connection URL for RemoteApp and Deskt The default connection URL must be configured in the form of< https://contoso.com/rdweb/Feed/webfeed.aspx>. -- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. -- If you disable or do not configure this policy setting, the user has no default connection URL. +- If you disable or don't configure this policy setting, the user has no default connection URL. > [!NOTE] > RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account. @@ -3006,7 +3006,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an - If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. -- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. +- If you disable or don't configure this policy setting, the Start screen is shown and apps are registered in the background. @@ -3191,13 +3191,13 @@ By default, when a new user signs in to a computer, the Start screen is shown an -This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that's delivered. -Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that's performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or don't configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). @@ -3251,17 +3251,17 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f -This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. - If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. -- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level. Note: -1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +1. This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. @@ -3317,13 +3317,13 @@ Note: -This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that's configured to use RD Connection Broker and not to the RD Connection Broker server. - If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. -- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. +- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. -- If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. +- If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. Note: @@ -3386,13 +3386,13 @@ This policy setting allows you to specify the RD Connection Broker server that t - If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. -- If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the policy setting isn't specified at the Group Policy level. Note: 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. -2. This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. +2. This policy setting isn't effective unless the Join RD Connection Broker policy setting is enabled. 3. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. @@ -3452,13 +3452,13 @@ This policy setting specifies whether to require the use of a specific security - If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available: -* Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +* Negotiate: The Negotiate method enforces the most secure method that's supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. -* RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +* RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. -* SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. +* SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This is the recommended setting for this policy. -- If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. +- If you disable or don't configure this policy setting, the security method to be used for remote connections to RD Session Host servers isn't specified at the Group Policy level. @@ -3516,13 +3516,13 @@ This policy setting allows you to specify how the Remote Desktop Protocol will t You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. -If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. +If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. -If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. +If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality. -If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. +If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality. -If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. +If you disable or don't configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. @@ -3584,9 +3584,9 @@ You can select one of the following options: "Use both UDP and TCP", "Use only T If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. -If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. +If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP. -- If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. +- If you disable or don't configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. @@ -3640,11 +3640,11 @@ If the UDP connection is not successful or if you select "Use only TCP," all of -This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions. -- If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. +- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. -- If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. +- If you disable this policy setting, RemoteApp programs published from this RD Session Host server won't use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs don't support these advanced graphics. @@ -3699,17 +3699,17 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap -This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. - If you enable this policy setting, you must specify one of the following settings: -Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. +Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server. -Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. +Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. -Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. +Don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. -- If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. +- If you disable or don't configure this policy setting, the authentication setting that's specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. @@ -3763,7 +3763,7 @@ Do not connect if authentication fails: The client establishes a connection to t -This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding. +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or don't configure this policy, we will always use software encoding. @@ -3875,13 +3875,13 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. -By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. +By default, servers use an RDP compression algorithm that's based on the server's hardware configuration. -- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. +- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that's optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that's optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. -You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. +You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that's designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. -- If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. +- If you disable or don't configure this policy setting, the default RDP compression algorithm will be used. @@ -3935,7 +3935,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use -This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that's delivered. - If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. @@ -3943,8 +3943,8 @@ This policy setting allows you to specify the visual quality for remote users wh - If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. -- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. -- If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. +- If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. @@ -4001,7 +4001,7 @@ This policy setting allows you to specify the visual quality for remote users wh This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host server so that the sessions are compatible with non-Windows thin client devices designed for Windows Server 2008 R2 SP1. These clients only support the Windows Server 2008 R2 SP1 RemoteFX Codec. - If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows Server 2008 R2 SP1 RemoteFX Codec. -- If you disable or do not configure this policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec will not be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and does not affect clients that are using other RDP versions. +- If you disable or don't configure this policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec won't be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and doesn't affect clients that are using other RDP versions. @@ -4065,7 +4065,7 @@ This policy setting allows the administrator to configure the RemoteFX experienc 3. Optimize for minimum bandwidth usage -- If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." +- If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." @@ -4125,7 +4125,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia, - If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. -- If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. +- If you disable or don't configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. @@ -4181,7 +4181,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia, This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. -- If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. +- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. - If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. @@ -4250,10 +4250,10 @@ Time limits are set locally by the server administrator or by using Group Policy - If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. -- If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. +- If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. > [!NOTE] -> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. +> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. @@ -4318,10 +4318,10 @@ Time limits are set locally by the server administrator or by using Group Policy - If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. -- If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. +- If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. > [!NOTE] -> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. +> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. @@ -4382,9 +4382,9 @@ You can use this policy setting to specify the maximum amount of time that a dis When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. -- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits don't apply. -- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4447,9 +4447,9 @@ You can use this policy setting to specify the maximum amount of time that a dis When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. -- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits don't apply. -- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4506,13 +4506,13 @@ When a session is in a disconnected state, running programs are kept active even -This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits don't apply. -- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. +- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit's reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4569,13 +4569,13 @@ If you want Remote Desktop Services to end instead of disconnect a session when -This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits don't apply. -- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. +- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit's reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4632,13 +4632,13 @@ If you want Remote Desktop Services to end instead of disconnect a session when -This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits don't apply. -- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit's reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4695,13 +4695,13 @@ If you want Remote Desktop Services to end instead of disconnect a session when -This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits don't apply. -- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit's reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. > [!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4764,7 +4764,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv - If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. -- If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. +- If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level. @@ -4821,9 +4821,9 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. -- If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session. +- If you enable this policy setting, Remote Desktop Services users can't use a smart card to log on to a Remote Desktop Services session. -- If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. +- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. > [!NOTE] > The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain. @@ -4885,11 +4885,11 @@ Configures Remote Desktop Services to run a specified program automatically upon You can use this setting to specify a program to run automatically when a user logs on to a remote computer. -By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. +By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. -To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. +To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. -If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. +If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) @@ -4953,11 +4953,11 @@ Configures Remote Desktop Services to run a specified program automatically upon You can use this setting to specify a program to run automatically when a user logs on to a remote computer. -By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. +By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. -To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. +To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. -If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. +If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) @@ -5024,10 +5024,10 @@ You can use this setting to maintain a user's session-specific temporary folders - If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. -- If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. +- If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. > [!NOTE] -> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect. +> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Don't use temporary folders per session policy setting, this policy setting has no effect. @@ -5086,11 +5086,11 @@ This policy setting allows you to prevent Remote Desktop Services from creating You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. -- If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. +- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. - If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. -- If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. +- If you don't configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. @@ -5149,7 +5149,7 @@ This policy setting determines whether the client computer redirects its time zo - If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). -- If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. +- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone. > [!NOTE] > Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later. @@ -5211,9 +5211,9 @@ This policy setting specifies whether to disable the administrator rights to cus You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. -- If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. +- If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only. -- If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. +- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. > [!NOTE] > The preferred method of managing user access is by adding a user to the Remote Desktop Users group. @@ -5275,7 +5275,7 @@ This policy setting determines whether the desktop is always displayed after a c - If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. -- If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. +- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. > [!NOTE] > If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored. @@ -5396,11 +5396,11 @@ Remote Desktop sessions don't currently support UI Automation redirection. -This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. +This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer. - If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. -- If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. +- If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. @@ -5462,9 +5462,9 @@ This policy setting allows you to specify whether to require user authentication To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. -- If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. +- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. -- If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. +- If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. > [!IMPORTANT] > Disabling this policy setting provides less security because user authentication will occur later in the remote connection process. @@ -5526,7 +5526,7 @@ Specifies whether Remote Desktop Services uses the specified network share or lo To use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the drive letter to which you want the network share to be mapped. -If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon. +If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Don't specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon. > [!NOTE] > The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location. @@ -5591,7 +5591,7 @@ This policy setting allows you to specify whether Remote Desktop Services uses a - If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. -- If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. +- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server. Note: @@ -5656,9 +5656,9 @@ By default, Remote Desktop Services stores all user profiles locally on the RD S - If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. -To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. +To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. -- If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. +- If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. Note: diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 7be9dcce4c..8bec5bef40 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -45,7 +45,7 @@ File Explorer displays thumbnail images by default. - If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images. -- If you disable or do not configure this policy setting, File Explorer displays only thumbnail images. +- If you disable or don't configure this policy setting, File Explorer displays only thumbnail images. @@ -106,7 +106,7 @@ File Explorer displays thumbnail images on network folders by default. - If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders. -- If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders. +- If you disable or don't configure this policy setting, File Explorer displays only thumbnail images on network folders. @@ -165,9 +165,9 @@ Turns off the caching of thumbnails in hidden thumbs.db files. This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files. -- If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files. +- If you enable this policy setting, File Explorer doesn't create, read from, or write to thumbs.db files. -- If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files. +- If you disable or don't configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files. diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 6527737981..9c2c38224e 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -42,14 +42,14 @@ ms.topic: reference Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -- If you enable this setting, the user will not be able to pan windows by touch. +- If you enable this setting, the user won't be able to pan windows by touch. - If you disable this setting, the user can pan windows by touch. -- If you do not configure this setting, Touch Panning is on by default. +- If you don't configure this setting, Touch Panning is on by default. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -107,14 +107,14 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -- If you enable this setting, the user will not be able to pan windows by touch. +- If you enable this setting, the user won't be able to pan windows by touch. - If you disable this setting, the user can pan windows by touch. -- If you do not configure this setting, Touch Panning is on by default. +- If you don't configure this setting, Touch Panning is on by default. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -173,14 +173,14 @@ Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. +- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. - If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. -- If you do not configure this setting, touch input is on by default. +- If you don't configure this setting, touch input is on by default. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -239,14 +239,14 @@ Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. +- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. - If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. -- If you do not configure this setting, touch input is on by default. +- If you don't configure this setting, touch input is on by default. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index ad2038ed2b..079119d22b 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -43,7 +43,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo - If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section. -- If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands. +- If you disable or don't configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands. @@ -159,7 +159,7 @@ This policy setting allows you to enforce or ignore the computer's default list The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands. -- If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. +- If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. @@ -220,7 +220,7 @@ This policy setting allows you to enforce or ignore the computer's local list of The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands. -- If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands. +- If you disable or don't configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands. @@ -275,7 +275,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by -This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows. +This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows. @@ -336,7 +336,7 @@ You can choose to have the operating system store either the full TPM owner auth If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose. -Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used. +Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which don't depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used. Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic. @@ -405,15 +405,15 @@ An authorization failure occurs each time a standard user sends a command to the For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. -The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. +The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM. -The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. +The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM. -The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. -If this value is not configured, a default value of 480 minutes (8 hours) is used. +If this value isn't configured, a default value of 480 minutes (8 hours) is used. @@ -476,17 +476,17 @@ An authorization failure occurs each time a standard user sends a command to the For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. -This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. +This value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM. -The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. +The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM. -The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. -If this value is not configured, a default value of 4 is used. +If this value isn't configured, a default value of 4 is used. -A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure. +A value of zero means the OS won't allow standard users to send commands to the TPM which may cause an authorization failure. @@ -549,17 +549,17 @@ An authorization failure occurs each time a standard user sends a command to the For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. -The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. +The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM. -This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. +This value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM. -The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. -If this value is not configured, a default value of 9 is used. +If this value isn't configured, a default value of 9 is used. -A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure. +A value of zero means the OS won't allow standard users to send commands to the TPM which may cause an authorization failure. diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 851fa37d1b..f0a248a97d 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -48,7 +48,7 @@ By default, the user settings of Calculator synchronize between computers. Use t - If you enable this policy setting, the Calculator user settings continue to synchronize. - If you disable this policy setting, Calculator user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -112,7 +112,7 @@ When SyncMethod is set to "None," the UE-V Agent uses no sync provider. Settings Set SyncMethod to "External" when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users' computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place. With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. - If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -174,7 +174,7 @@ This policy setting configures the synchronization of User Experience Virtualiza - If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. - If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. -- If you do not configure this policy, no UE-V rollback state is copied to the settings storage location. +- If you don't configure this policy, no UE-V rollback state is copied to the settings storage location. @@ -232,8 +232,8 @@ This policy setting configures the synchronization of User Experience Virtualiza This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. - If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. -- If you disable this policy setting, the Company Settings Center does not display an IT Contact link. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. +- If you don't configure this policy setting, any defined values will be deleted. @@ -290,8 +290,8 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co This policy setting specifies the URL for the Contact IT link in the Company Settings Center. - If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. -- If you disable this policy setting, the Company Settings Center does not display an IT Contact link. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. +- If you don't configure this policy setting, any defined values will be deleted. @@ -352,12 +352,12 @@ This policy setting specifies the URL for the Contact IT link in the Company Set This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. -- If you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps. +- If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps. - If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. -- If you do not configure this policy setting, any defined values are deleted. +- If you don't configure this policy setting, any defined values are deleted. > [!NOTE] -> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows. +> If the user connects their Microsoft account for their computer then the UE-V Agent won't synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows. @@ -421,7 +421,7 @@ Certain Windows settings will synchronize between computers by default. These se - If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization. - If you disable this policy setting, all Windows Settings are excluded from the settings synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -539,7 +539,7 @@ By default, the user settings of Finance sync between computers. Use the policy - If you enable this policy setting, Finance user settings continue to sync. - If you disable this policy setting, Finance user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -598,7 +598,7 @@ This policy setting enables a notification in the system tray that appears when By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers. With this setting enabled, the notification appears the first time that the UE-V Agent runs. With this setting disabled, no notification appears. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -662,7 +662,7 @@ By default, the user settings of Games sync between computers. Use the policy se - If you enable this policy setting, Games user settings continue to sync. - If you disable this policy setting, Games user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -726,7 +726,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput - If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. - If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -790,7 +790,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput - If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize. - If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -854,7 +854,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute - If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize. - If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -918,7 +918,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute - If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. - If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -981,8 +981,8 @@ This policy setting configures the synchronization of user settings which are co By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers. - If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize. -- If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting shouldn't be disabled. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1045,7 +1045,7 @@ By default, the user settings of Maps sync between computers. Use the policy set - If you enable this policy setting, Maps user settings continue to sync. - If you disable this policy setting, Maps user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1104,10 +1104,10 @@ By default, the user settings of Maps sync between computers. Use the policy set -This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. +This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size. - If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. -- If you disable or do not configure this policy setting, no event is written to the event log to report settings package size. +- If you disable or don't configure this policy setting, no event is written to the event log to report settings package size. @@ -1170,7 +1170,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu - If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1232,8 +1232,8 @@ This policy setting configures the synchronization of user settings which are co By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize. -- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting shouldn't be disabled +- If you don't configure this policy setting, any defined values will be deleted. @@ -1296,7 +1296,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput - If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1359,7 +1359,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com - If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1422,7 +1422,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute - If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1486,7 +1486,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp - If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1549,7 +1549,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp - If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1612,7 +1612,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c - If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1675,7 +1675,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp - If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1738,7 +1738,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co - If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1801,7 +1801,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize - If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1864,7 +1864,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize - If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1927,7 +1927,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput - If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -1990,7 +1990,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute - If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize. - If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2053,7 +2053,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu - If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2115,8 +2115,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Access 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2178,8 +2178,8 @@ This policy setting configures the synchronization of user settings which are co By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize. -- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting shouldn't be disabled. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2241,8 +2241,8 @@ This policy setting configures the backup of certain user settings which are com Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. - If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. -- If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2305,7 +2305,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput - If you enable this policy setting, Microsoft Excel 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2367,8 +2367,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Excel 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2431,7 +2431,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com - If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2493,8 +2493,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings. - If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2557,7 +2557,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute - If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2619,8 +2619,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Lync 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2683,7 +2683,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between - If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. - If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2746,7 +2746,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp - If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2808,8 +2808,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings. - If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft OneNote 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2872,7 +2872,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp - If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2934,8 +2934,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Outlook 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -2998,7 +2998,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c - If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3060,8 +3060,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings. - If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3124,7 +3124,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp - If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3186,8 +3186,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Project 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3250,7 +3250,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co - If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3312,8 +3312,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Publisher 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3376,7 +3376,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize - If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3438,8 +3438,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings. - If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3502,7 +3502,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize - If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize. - If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3565,7 +3565,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput - If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3627,8 +3627,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Visio 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3691,7 +3691,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute - If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize. - If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3753,8 +3753,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Word 2013 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3817,7 +3817,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu - If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3879,8 +3879,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Access 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -3942,8 +3942,8 @@ This policy setting configures the synchronization of user settings which are co By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize. -- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting shouldn't be disabled. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4005,8 +4005,8 @@ This policy setting configures the backup of certain user settings which are com Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. - If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. -- If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4069,7 +4069,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput - If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4131,8 +4131,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Excel 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4195,7 +4195,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute - If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4257,8 +4257,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Lync 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4321,7 +4321,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between - If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. - If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4384,7 +4384,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp - If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4446,8 +4446,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings. - If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft OneNote 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4510,7 +4510,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp - If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4572,8 +4572,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Outlook 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4636,7 +4636,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c - If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4698,8 +4698,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings. - If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4762,7 +4762,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp - If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4824,8 +4824,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Project 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4888,7 +4888,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co - If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -4950,8 +4950,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Publisher 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5014,7 +5014,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize - If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize. - If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5077,7 +5077,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput - If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5139,8 +5139,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Visio 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5203,7 +5203,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute - If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize. - If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5265,8 +5265,8 @@ This policy setting configures the backup of certain user settings for Microsoft Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. -- If you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, certain user settings of Microsoft Word 2016 won't be backed up. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5329,7 +5329,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5392,7 +5392,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5455,7 +5455,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V. - If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5518,7 +5518,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V. - If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5581,7 +5581,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5644,7 +5644,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5707,7 +5707,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5770,7 +5770,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5833,7 +5833,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5896,7 +5896,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -5959,7 +5959,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6022,7 +6022,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6085,7 +6085,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6148,7 +6148,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6211,7 +6211,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6274,7 +6274,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6337,7 +6337,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6400,7 +6400,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6463,7 +6463,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6526,7 +6526,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6589,7 +6589,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6652,7 +6652,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6715,7 +6715,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6778,7 +6778,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t - If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. - If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6841,7 +6841,7 @@ By default, the user settings of Music sync between computers. Use the policy se - If you enable this policy setting, Music user settings continue to sync. - If you disable this policy setting, Music user settings are excluded from the synchronizing settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6905,7 +6905,7 @@ By default, the user settings of News sync between computers. Use the policy set - If you enable this policy setting, News user settings continue to sync. - If you disable this policy setting, News user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -6969,7 +6969,7 @@ By default, the user settings of Notepad synchronize between computers. Use the - If you enable this policy setting, the Notepad user settings continue to synchronize. - If you disable this policy setting, Notepad user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7033,7 +7033,7 @@ By default, the user settings of Reader sync between computers. Use the policy s - If you enable this policy setting, Reader user settings continue to sync. - If you disable this policy setting, Reader user settings are excluded from the synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7096,7 +7096,7 @@ This policy setting configures the number of milliseconds that the computer wait You can use this setting to override the default value of 2000 milliseconds. - If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. -- If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used. +- If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used. @@ -7157,7 +7157,7 @@ You can use this setting to override the default value of 2000 milliseconds. This policy setting configures where the settings package files that contain user settings are stored. - If you enable this policy setting, the user settings are stored in the specified location. -- If you disable or do not configure this policy setting, the user settings are stored in the user's home directory if configured for your environment. +- If you disable or don't configure this policy setting, the user settings are stored in the user's home directory if configured for your environment. @@ -7216,9 +7216,9 @@ This policy setting configures where custom settings location templates are stor - If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they will be ignored. If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. -- If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. -- If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates. -- If you do not configure this policy setting, any defined values will be deleted. +- If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. +- If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7281,7 +7281,7 @@ By default, the user settings of Sports sync between computers. Use the policy s - If you enable this policy setting, Sports user settings continue to sync. - If you disable this policy setting, Sports user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7400,10 +7400,10 @@ This policy setting allows you to enable or disable User Experience Virtualizati This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. -By default, the UE-V Agent does not synchronize settings over a metered connection. +By default, the UE-V Agent doesn't synchronize settings over a metered connection. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection. -With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection. -If you do not configure this policy setting, any defined values are deleted. +With this setting disabled, the UE-V Agent doesn't synchronize settings over a metered connection. +If you don't configure this policy setting, any defined values are deleted. @@ -7463,10 +7463,10 @@ If you do not configure this policy setting, any defined values are deleted. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. -By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming. -With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. -With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming. -If you do not configure this policy setting, any defined values are deleted. +By default, the UE-V Agent doesn't synchronize settings over a metered connection that's roaming. +With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that's roaming. +With this setting disabled, the UE-V Agent won't synchronize settings over a metered connection that's roaming. +If you don't configure this policy setting, any defined values are deleted. @@ -7529,7 +7529,7 @@ This policy setting allows you to configure the User Experience Virtualization ( - If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages. - If you disable this policy setting, the sync provider doesn't ping the settings storage location before synchronizing settings packages. -- If you do not configure this policy, any defined values will be deleted. +- If you don't configure this policy, any defined values will be deleted. @@ -7584,11 +7584,11 @@ This policy setting allows you to configure the User Experience Virtualization ( -This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. +This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that aren't explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List. With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized. With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -7652,7 +7652,7 @@ By default, the user settings of Travel sync between computers. Use the policy s - If you enable this policy setting, Travel user settings continue to sync. - If you disable this policy setting, Travel user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7708,8 +7708,8 @@ By default, the user settings of Travel sync between computers. Use the policy s This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. -With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. -If you do not configure this policy setting, any defined values are deleted. +With this setting disabled, the tray icon doesn't appear in the system tray, UE-V never displays notifications, and the user can't access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. +If you don't configure this policy setting, any defined values are deleted. @@ -7773,7 +7773,7 @@ By default, the user settings of Video sync between computers. Use the policy se - If you enable this policy setting, Video user settings continue to sync. - If you disable this policy setting, Video user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7837,7 +7837,7 @@ By default, the user settings of Weather sync between computers. Use the policy - If you enable this policy setting, Weather user settings continue to sync. - If you disable this policy setting, Weather user settings are excluded from synchronization. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. @@ -7901,7 +7901,7 @@ By default, the user settings of WordPad synchronize between computers. Use the - If you enable this policy setting, the WordPad user settings continue to synchronize. - If you disable this policy setting, WordPad user settings are excluded from the synchronization settings. -- If you do not configure this policy setting, any defined values will be deleted. +- If you don't configure this policy setting, any defined values will be deleted. diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index d1ff4bc3ca..d0294c3471 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -39,14 +39,14 @@ ms.topic: reference -This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. +This policy setting allows an administrator to automatically delete user profiles on system restart that haven't been used within a specified number of days. > [!NOTE] > One day is interpreted as 24 hours after a specific user profile was accessed. -- If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days. +- If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. -- If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart. +- If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart. @@ -103,11 +103,11 @@ This policy setting allows an administrator to automatically delete user profile This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys. > [!NOTE] -> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile. +> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It isn't recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile. -- If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed. +- If you enable this policy setting, Windows won't forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed. -- If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff. +- If you disable or don't configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff. @@ -166,9 +166,9 @@ This policy setting determines whether the system retains a roaming user's Windo By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior. -- If you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. +- If you enable this policy setting, Windows won't delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. -- If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. +- If you disable or don't configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. > [!NOTE] > If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine. @@ -228,7 +228,7 @@ By default Windows deletes all information related to a roaming user (which incl This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles. -- If you disable this policy setting or do not configure it, the system does not limit the size of user profiles. +- If you disable this policy setting or don't configure it, the system doesn't limit the size of user profiles. - If you enable this policy setting, you can: @@ -239,7 +239,7 @@ This policy setting sets the maximum size of each user profile and determines th - Determine how often the customized message is displayed. > [!NOTE] -> In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded. +> In operating systems earlier than Microsoft Windows Vista, Windows won't allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows won't block users from logging off. Instead, if the user has a roaming user profile, Windows won't synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded. @@ -294,13 +294,13 @@ This policy setting sets the maximum size of each user profile and determines th -This policy setting will automatically log off a user when Windows cannot load their profile. +This policy setting will automatically log off a user when Windows can't load their profile. -If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from loggin on the user with a temporary profile. +If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from loggin on the user with a temporary profile. -- If you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded. +- If you enable this policy setting, Windows won't log on a user with a temporary profile. Windows logs the user off if their profile can't be loaded. -- If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile. +- If you disable this policy setting or don't configure it, Windows logs on the user with a temporary profile when Windows can't load their user profile. Also, see the "Delete cached copies of roaming profiles" policy setting. @@ -365,7 +365,7 @@ This policy setting and related policy settings in this folder together define t - If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow. -- If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. +- If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. @@ -425,12 +425,12 @@ This policy setting allows you to specify the location and root (file share or l To use this policy setting, in the Location list, choose the location for the home folder. If you choose "On the network," enter the path to a file share in the Path box (for example, \\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose "On the local computer," enter a local path (for example, C:\HomeFolder) in the Path box. -Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon. +Don't specify environment variables or ellipses in the path. Also, don't specify a placeholder for the user name because the user name will be appended at logon. > [!NOTE] > The Drive letter box is ignored if you choose "On the local computer" from the Location list. If you choose "On the local computer" and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter. -- If you disable or do not configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account. +- If you disable or don't configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account. If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the "Set user home folder" policy setting has no effect. @@ -490,11 +490,11 @@ This setting prevents users from managing the ability to allow apps to access th - If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options: -"Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS. +"Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS. -"Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources. +"Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources. -- If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off. +- If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off. diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index a153667ae4..8ba901e770 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -55,10 +55,10 @@ LargePhaseOffset If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds. MaxAllowedPhaseOffset -If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds. +If a response is received that has a time variation that's larger than this parameter value, W32time sets the client computer's local clock immediately to the time that's accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds. MaxNegPhaseCorrection -If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. +If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that's greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. MaxPosPhaseCorrection If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. @@ -84,7 +84,7 @@ EventLogFlags This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask. LocalClockDispersion -This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds. +This parameter indicates the maximum error in seconds that's reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds. MaxPollInterval This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.) @@ -96,7 +96,7 @@ ClockHoldoverPeriod This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds. RequireSecureTimeSyncRequests -This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean. +This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC won't respond to requests using such protocols. Default: 0 Boolean. UtilizeSslTimeData This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean @@ -116,7 +116,7 @@ ChainMaxHostEntries This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries. ChainDisable -This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean. +This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that don't have their passwords cached on the RODC won't be able to synchronize with the RODC. Default: 0 Boolean. ChainLoggingRate This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes. @@ -177,7 +177,7 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -- If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. +- If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. NtpServer The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". @@ -186,7 +186,7 @@ Type This value controls the authentication that W32time uses. The default value is NT5DS. CrossSiteSyncFlags -This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal). +This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal). ResolvePeerBackoffMinutes This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. @@ -195,10 +195,10 @@ ResolvePeerBackoffMaxTimes This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. SpecialPollInterval -This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. +This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that's set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. EventLogFlags -This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. +This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. @@ -258,7 +258,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer - If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers. -- If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers. +- If you disable or don't configure this policy setting, the local computer clock doesn't synchronize time with NTP servers. @@ -317,7 +317,7 @@ This policy setting allows you to specify whether the Windows NTP Server is enab - If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers. -- If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers. +- If you disable or don't configure this policy setting, your computer can't service NTP requests from other computers. diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 701e0becfd..16acc01304 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting specifies that power management is disabled when the machine enters connected standby mode. -- If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode. +- If this policy setting is enabled, Windows Connection Manager doesn't manage adapter radios to reduce power consumption when the machine enters connected standby mode. -- If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode. +- If this policy setting isn't configured or is disabled, power management is enabled when the machine enters connected standby mode. @@ -110,7 +110,7 @@ When soft disconnect is enabled: - Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. - When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they're not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network. -This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks. +This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks. diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index 7d91ad5cdd..332bf3fb75 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -41,13 +41,13 @@ ms.topic: reference This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. -- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached. +- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit's reached. -- If you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. +- If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data will not be deleted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -106,11 +106,11 @@ This policy setting determines the execution level for Diagnostic Policy Service - If you enable this policy setting, you must select an execution level from the drop-down menu. If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS. +- If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. -- If you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. +- If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. -This policy setting takes precedence over any scenario-specific policy settings when it is enabled or disabled. Scenario-specific policy settings only take effect if this policy setting is not configured. +This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index c2655f33c6..e830e78e1e 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -43,7 +43,7 @@ Windows Calendar is a feature that allows users to manage appointments and tasks - If you enable this setting, Windows Calendar will be turned off. -- If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you disable or don't configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. @@ -104,7 +104,7 @@ Windows Calendar is a feature that allows users to manage appointments and tasks - If you enable this setting, Windows Calendar will be turned off. -- If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you disable or don't configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index d47c7b3a52..782b870f9c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting affects the ability of users to install or uninstall color profiles. -- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. +- If you enable this policy setting, users can't install new color profiles or uninstall previously installed color profiles. -- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. +- If you disable or don't configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. @@ -100,9 +100,9 @@ This policy setting affects the ability of users to install or uninstall color p This policy setting affects the ability of users to install or uninstall color profiles. -- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. +- If you enable this policy setting, users can't install new color profiles or uninstall previously installed color profiles. -- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. +- If you disable or don't configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index c3c304af0c..a9b955dddf 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -43,7 +43,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. - If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -102,7 +102,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. - If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -165,7 +165,7 @@ Additional options are available to allow discovery and configuration over a spe - If you disable this policy setting, operations are disabled over all media. -- If you do not configure this policy setting, operations are enabled over all media. +- If you don't configure this policy setting, operations are enabled over all media. The default for this policy setting allows operations over all media. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 6f2a37dc84..effde9040f 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -41,12 +41,12 @@ ms.topic: reference This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths. -- If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted. +- If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files aren't copied or deleted. The temporary file is deleted. -- If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different. +- If you disable or don't configure this policy setting, Folder Redirection doesn't create a temporary file and functions as if both new and old locations point to different shares when their network paths are different. > [!NOTE] -> If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled. +> If the paths point to different network shares, this policy setting isn't required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting isn't enabled. @@ -103,7 +103,7 @@ This policy setting allows you to prevent data loss when you change the target l This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior. -- If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features. +- If you enable this setting, users can't configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users can't restore the new features. Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options. - If you disable or not configure this policy, the default File Explorer behavior is applied to the user. @@ -170,7 +170,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i - If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user. -- If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs. +- If you disable or don't configure this setting, the default behavior of not displaying a confirmation dialog occurs. @@ -231,9 +231,9 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i This policy setting allows you to specify a location where all default Library definition files for users/machines reside. -- If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined. +- If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user won't be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined. -- If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files. +- If you disable or don't configure this policy setting, no changes are made to the location of the default Library definition files. @@ -357,10 +357,10 @@ Setting this policy will: * Disable view of file content snippets in Content mode when search results are returned * Disable ability to stack in the Context menu and Column headers * Exclude Libraries from the scope of Start search -This policy will not enable users to add unsupported locations to Libraries. +This policy won't enable users to add unsupported locations to Libraries. - If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled. -- If you disable or do not configure this policy, all default Windows Libraries features will be enabled. +- If you disable or don't configure this policy, all default Windows Libraries features will be enabled. @@ -480,7 +480,7 @@ Disables suggesting recent queries for the Search Box and prevents entries into File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box. > [!NOTE] -> If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box. +> If you enable this policy, File Explorer won't show suggestion pop-ups as users type into the Search Box, and it won't store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box. @@ -539,7 +539,7 @@ This policy setting determines whether remote paths can be used for file shortcu - If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. -- If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. +- If you disable or don't configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. > [!NOTE] > Allowing the use of remote paths in file shortcut icons can expose users' computers to security risks. @@ -597,7 +597,7 @@ This policy setting determines whether remote paths can be used for file shortcu -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. +This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. @@ -606,13 +606,13 @@ Some information is sent to Microsoft about files and programs run on PCs with t - Warn and prevent bypass - Warn -- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. +- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. -- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. +- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app. -- If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. +- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet. -- If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. +- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings. @@ -669,7 +669,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/thr -This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. +This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that won't impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry. @@ -737,7 +737,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. - If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. -- If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows. +- If you disable or don't configure this policy setting, users can choose how the ribbon appears when they open new windows. @@ -794,9 +794,9 @@ This policy setting allows you to specify whether the ribbon appears minimized o This policy setting allows you to turn off the display of snippets in Content view mode. -- If you enable this policy setting, File Explorer will not display snippets in Content view mode. +- If you enable this policy setting, File Explorer won't display snippets in Content view mode. -- If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. +- If you disable or don't configure this policy setting, File Explorer shows snippets in Content view mode by default. @@ -855,13 +855,13 @@ This policy setting allows you to turn off the display of snippets in Content vi -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -922,13 +922,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -989,13 +989,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1056,13 +1056,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1123,13 +1123,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1190,13 +1190,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1257,13 +1257,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can't preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1324,13 +1324,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can't preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1391,13 +1391,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1458,13 +1458,13 @@ Changes to this setting may not be applied until the user logs off from Windows. -This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. +This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it's the zone of the thumbnail that's checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that's different than the location of the item. - If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. -- If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you don't configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user logs off from Windows. @@ -1531,7 +1531,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1596,7 +1596,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1661,7 +1661,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1726,7 +1726,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1791,7 +1791,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1856,7 +1856,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -1921,7 +1921,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can't perform OpenSearch queries in this zone using Search Connectors. @@ -1986,7 +1986,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can't perform OpenSearch queries in this zone using Search Connectors. @@ -2051,7 +2051,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -2116,7 +2116,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone - If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. -- If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. +- If you don't configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. @@ -2171,13 +2171,13 @@ This policy setting allows you to manage whether OpenSearch queries in this zone -This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system. +This policy setting determines whether Windows traces shortcuts back to their sources when it can't find the target on the user's system. -Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server. +Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system can't find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server. -- If you enable this policy setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path. +- If you enable this policy setting, Windows only searches the current target path. It doesn't search for the original path even when it can't find the target file in the current target path. -- If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path. +- If you disable or don't configure this policy setting, Windows searches for the original path when it can't find the target file in the current target path. @@ -2238,7 +2238,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo - If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting. -- If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents." +- If you disable or don't configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents." @@ -2298,12 +2298,12 @@ This policy setting lets you remove new features added in Microsoft Windows 2000 - If you enable this policy setting, the Back button is removed from the standard Open dialog box. -- If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box. +- If you disable or don't configure this policy setting, the Back button is displayed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open. > [!NOTE] -> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting. +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting. @@ -2360,9 +2360,9 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil This policy setting allows you to turn off caching of thumbnail pictures. -- If you enable this policy setting, thumbnail views are not cached. +- If you enable this policy setting, thumbnail views aren't cached. -- If you disable or do not configure this policy setting, thumbnail views are cached. +- If you disable or don't configure this policy setting, thumbnail views are cached. > [!NOTE] > For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone. @@ -2424,10 +2424,10 @@ This policy setting allows you to remove CD Burning features. File Explorer allo - If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed. -- If you disable or do not configure this policy setting, users are able to use the File Explorer CD burning features. +- If you disable or don't configure this policy setting, users are able to use the File Explorer CD burning features. > [!NOTE] -> This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer. +> This policy setting doesn't prevent users from using third-party applications to create or modify CDs using a CD writer. @@ -2484,11 +2484,11 @@ This policy setting allows you to remove CD Burning features. File Explorer allo This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists. -- If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users. +- If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and can't be toggled by users. Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users. -- If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel. +- If you disable or don't configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel. @@ -2545,7 +2545,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. -When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT. +When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) doesn't appear on menus until you press ALT. Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users. @@ -2604,11 +2604,11 @@ Effects, such as transitory underlines, are designed to enhance the user's exper This policy setting allows you to remove the DFS tab from File Explorer. -- If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer. +- If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users can't use this tab to view or change the properties of the DFS shares available from their computer. -This policy setting does not prevent users from using other methods to configure DFS. +This policy setting doesn't prevent users from using other methods to configure DFS. -- If you disable or do not configure this policy setting, the DFS tab is available. +- If you disable or don't configure this policy setting, the DFS tab is available. @@ -2665,16 +2665,16 @@ This policy setting does not prevent users from using other methods to configure This policy setting allows you to hide these specified drives in My Computer. -This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box. +This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives don't appear in the standard Open dialog box. - If you enable this policy setting, select a drive or combination of drives in the drop-down list. > [!NOTE] > This policy setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window. -Also, this policy setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics. +Also, this policy setting doesn't prevent users from using programs to access these drives or their contents. And, it doesn't prevent users from using the Disk Management snap-in to view and change drive characteristics. -- If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. +- If you disable or don't configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" policy setting. @@ -2734,12 +2734,12 @@ Removes all computers outside of the user's workgroup or local domain from lists If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option. -This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box. +This setting doesn't prevent users from viewing or connecting to computers in their workgroup or domain. It also doesn't prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box. To remove computers in the user's workgroup or domain from lists of network resources, use the "No Computers Near Me in Network Locations" setting. > [!NOTE] -> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. +> It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. @@ -2796,7 +2796,7 @@ To remove computers in the user's workgroup or domain from lists of network reso Removes the File menu from My Computer and File Explorer. -This setting does not prevent users from using other methods to perform tasks available on the File menu. +This setting doesn't prevent users from using other methods to perform tasks available on the File menu. @@ -2853,7 +2853,7 @@ This setting does not prevent users from using other methods to perform tasks av Removes the list of most recently used files from the Open dialog box. -- If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. +- If you disable this setting or don't configure it, the "File name" field includes a drop-down list of recently used files. - If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box. @@ -2862,7 +2862,7 @@ This setting, and others in this folder, lets you remove new features added in W To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. > [!NOTE] -> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style. It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. @@ -2921,9 +2921,9 @@ This policy setting allows you to prevent users from accessing Folder Options th Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings. -- If you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they will not be able to open Folder Options. +- If you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they won't be able to open Folder Options. -- If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon. +- If you disable or don't configure this policy setting, users can open Folder Options from the View tab on the ribbon. @@ -2980,7 +2980,7 @@ Folder Options allows users to change the way files and folders open, what appea Removes the Hardware tab. -This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device. +This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users can't use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device. @@ -3039,7 +3039,7 @@ Removes the Manage item from the File Explorer context menu. This context menu a The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools. -This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management. +This setting doesn't remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management. > [!TIP] > To hide all context menus, use the "Remove File Explorer's default context menu" setting. @@ -3101,9 +3101,9 @@ This policy setting allows you to remove the Shared Documents folder from My Com When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed. -- If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. +- If you enable this policy setting, the Shared Documents folder isn't displayed in the Web view or in My Computer. -- If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. +- If you disable or don't configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. > [!NOTE] > The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional. @@ -3165,7 +3165,7 @@ Prevents users from using File Explorer or Network Locations to map or disconnec If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons. -This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box. +This setting doesn't prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box. > [!NOTE] > @@ -3173,7 +3173,7 @@ This setting does not prevent users from connecting to another computer by typin This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives. > [!NOTE] -> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. +> It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. @@ -3230,7 +3230,7 @@ This setting was documented incorrectly on the Explain tab in Group Policy for W This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:) -If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked. +If this group policy is enabled, no notifications will be shown. If the group policy isn't configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked. @@ -3292,7 +3292,7 @@ This setting, and others in this folder, lets you remove new features added in W To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. > [!NOTE] -> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style. It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. @@ -3349,9 +3349,9 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior. -- If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted. +- If you enable this setting, files and folders that are deleted using File Explorer won't be placed in the Recycle Bin and will therefore be permanently deleted. -- If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin. +- If you disable or don't configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin. @@ -3408,15 +3408,15 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder Prevents users from submitting alternate logon credentials to install a program. -This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials. +This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who aren't administrators try to install programs locally on their computers. This setting allows administrators who have logged-on as regular users to install programs without logging off and logging on again using their administrator credentials. Many programs can be installed only by an administrator. -- If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. +- If you enable this setting and a user doesn't have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. -- If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer. +- If you disable this setting or don't configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer. -By default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting. +By default, users aren't prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting. @@ -3472,11 +3472,11 @@ By default, users are not prompted for alternate logon credentials when installi -- If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window. +- If you enable this policy, the "Internet" "Search again" link won't be shown when the user performs a search in the Explorer window. - If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms. -- If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window. +- If you don't configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window. @@ -3533,9 +3533,9 @@ By default, users are not prompted for alternate logon credentials when installi Removes the Security tab from File Explorer. -- If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question. +- If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, won't be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question. -- If you disable or do not configure this setting, users will be able to access the security tab. +- If you disable or don't configure this setting, users will be able to access the security tab. @@ -3594,11 +3594,11 @@ This policy setting allows you to remove the Search button from the File Explore - If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. -Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window. +Enabling this policy setting doesn't remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window. -- If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar. +- If you disable or don't configure this policy setting, the Search button is available from the File Explorer toolbar. -This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting. +This policy setting doesn't affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting. @@ -3660,7 +3660,7 @@ This policy setting does not affect the Search items on the File Explorer contex This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. - If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3). -- If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111). +- If you disable or don't configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111). @@ -3717,7 +3717,7 @@ This policy setting allows you to have file names sorted literally (as in Window Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item. -If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus. +If you enable this setting, menus don't appear when you right-click the desktop or when you right-click the items in File Explorer. This setting doesn't prevent users from using other methods to issue commands available on the shortcut menus. @@ -3774,14 +3774,14 @@ If you enable this setting, menus do not appear when you right-click the desktop Prevents users from using My Computer to gain access to the content of selected drives. -If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives. +If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they can't open folders and access the contents. Also, they can't use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives. To use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restrict drives" option from the drop-down list. > [!NOTE] > The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action. -Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics. +Also, this setting doesn't prevent users from using programs to access local and network drives. And, it doesn't prevent them from using the Disk Management snap-in to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting. @@ -3843,7 +3843,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur - If you enable this setting, the Windows Key hotkeys are unavailable. -- If you disable or do not configure this setting, the Windows Key hotkeys are available. +- If you disable or don't configure this setting, the Windows Key hotkeys are available. @@ -3902,9 +3902,9 @@ This policy setting allows you to remove computers in the user's workgroup and d - If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser. -- If you disable or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations. +- If you disable or don't configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations. -This policy setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box. +This policy setting doesn't prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box. To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting. @@ -3979,10 +3979,10 @@ The list of Common Shell Folders that may be specified: Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches. -If you disable or do not configure this setting the default list of items will be displayed in the Places Bar. +If you disable or don't configure this setting the default list of items will be displayed in the Places Bar. > [!NOTE] -> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style. @@ -4040,14 +4040,14 @@ Prompts users for alternate logon credentials during network-based installations This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection. -If you disable this setting or do not configure it, this dialog box appears only when users are installing programs from local media. +If you disable this setting or don't configure it, this dialog box appears only when users are installing programs from local media. -The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials. +The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged-on as regular users to install programs without logging off and logging on again using their administrator credentials. -If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. +If the dialog box doesn't appear, the installation proceeds with the current user's permissions. If these permissions aren't sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. > [!NOTE] -> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation. +> If it's enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users aren't prompted for alternate logon credentials on any installation. @@ -4106,7 +4106,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted - If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation. -- If you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin. +- If you disable or don't configure this setting, users can change the total amount of disk space used by the Recycle Bin. > [!NOTE] > This setting is applied to all volumes. @@ -4163,13 +4163,13 @@ Limits the percentage of a volume's disk space that can be used to store deleted -This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows. +This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications aren't able to open files with this protocol when it's in the protected mode. It's recommended to leave this protocol in the protected mode to increase the security of Windows. - If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. - If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. -- If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. +- If you don't configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. @@ -4224,13 +4224,13 @@ This policy setting allows you to configure the amount of functionality that the -This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows. +This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications aren't able to open files with this protocol when it's in the protected mode. It's recommended to leave this protocol in the protected mode to increase the security of Windows. - If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. - If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. -- If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. +- If you don't configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. @@ -4287,11 +4287,11 @@ This policy setting allows you to configure the amount of functionality that the Shows or hides hibernate from the power options menu. -- If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware). +- If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it's supported by the machine's hardware). - If you disable this policy setting, the hibernate option will never be shown in the Power Options menu. -- If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel. +- If you don't configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel. @@ -4348,11 +4348,11 @@ Shows or hides hibernate from the power options menu. Shows or hides sleep from the power options menu. -- If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware). +- If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it's supported by the machine's hardware). - If you disable this policy setting, the sleep option will never be shown in the Power Options menu. -- If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel. +- If you don't configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel. @@ -4411,11 +4411,11 @@ This policy setting allows up to five Libraries or Search Connectors to be pinne You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. -The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links. +The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it's disabled via Group Policy. The "Search the Internet" link is pinned second, if it's pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links. - If you enable this policy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links. -- If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links. +- If you disable or don't configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links. @@ -4474,11 +4474,11 @@ This policy setting allows you to add Internet or intranet sites to the "Search You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. -The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links. +The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it's disabled via Group Policy. The "Search the Internet" link is pinned second, if it's pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links. - If you enable this policy setting, the specified Internet sites will appear in the "Search again" links and the Start menu links. -- If you disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links. +- If you disable or don't configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index a280ce8e6a..0c6b7d6c45 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -43,7 +43,7 @@ Prevents Windows Media Digital Rights Management (DRM) from accessing the Intern When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. -When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario. +When this policy is enabled, programs aren't able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that's already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario. When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 5f200c9cf1..6ec3963e29 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -49,13 +49,13 @@ This policy setting allows you to specify the HTTP proxy settings for Windows Me If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected. -The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. +The Configure button on the Network tab in the Player isn't available for the HTTP protocol and the proxy can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. -This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected. +This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP isn't selected. -- If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HTTP proxy. +- If you disable this policy setting, the HTTP proxy server can't be used and the user can't configure the HTTP proxy. -- If you do not configure this policy setting, users can configure the HTTP proxy settings. +- If you don't configure this policy setting, users can configure the HTTP proxy settings. @@ -119,13 +119,13 @@ This policy setting allows you to specify the MMS proxy settings for Windows Med If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. -The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. +The Configure button on the Network tab in the Player isn't available and the protocol can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. -This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is not selected. +This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast isn't selected. -- If you disable this policy setting, the MMS proxy server cannot be used and users cannot configure the MMS proxy settings. +- If you disable this policy setting, the MMS proxy server can't be used and users can't configure the MMS proxy settings. -- If you do not configure this policy setting, users can configure the MMS proxy settings. +- If you don't configure this policy setting, users can configure the MMS proxy settings. @@ -189,11 +189,11 @@ This policy setting allows you to specify the RTSP proxy settings for Windows Me If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. -The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. +The Configure button on the Network tab in the Player isn't available and the protocol can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. -- If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP proxy settings. +- If you disable this policy setting, the RTSP proxy server can't be used and users can't change the RTSP proxy settings. -- If you do not configure this policy setting, users can configure the RTSP proxy settings. +- If you don't configure this policy setting, users can configure the RTSP proxy settings. @@ -248,13 +248,13 @@ The Configure button on the Network tab in the Player is not available and the p -This policy setting allows you to turn off do not show first use dialog boxes. +This policy setting allows you to turn off don't show first use dialog boxes. - If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player. This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. -- If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time. +- If you disable or don't configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time. @@ -313,7 +313,7 @@ This policy setting allows you to hide the Network tab. - If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player. -- If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings. +- If you disable or don't configure this policy setting, the Network tab appears and users can use it to configure network settings. @@ -370,11 +370,11 @@ This policy setting allows you to hide the Network tab. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode. -- If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. +- If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays isn't available. -- If you disable or do not configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. +- If you disable or don't configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. -- If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window are not available. +- If you don't configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window aren't available. @@ -431,11 +431,11 @@ This policy setting allows you to prevent the anchor window from being displayed Prevents the anchor window from being displayed when Windows Media Player is in skin mode. -This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. +This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays isn't available. -When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. +When this policy isn't configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. -When this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available. +When this policy isn't configured and the Set and Lock Skin policy is enabled, some options in the anchor window aren't available. @@ -492,11 +492,11 @@ When this policy is not configured and the Set and Lock Skin policy is enabled, This policy setting allows you to prevent video smoothing from occurring. -- If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available. +- If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and isn't available. -- If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and is not available. +- If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and isn't available. -- If you do not configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box. +- If you don't configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box. Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems. @@ -555,11 +555,11 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP This policy setting allows a screen saver to interrupt playback. -- If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available. +- If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and isn't available. -- If you disable this policy setting, a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and is not available. +- If you disable this policy setting, a screen saver doesn't interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and isn't available. -- If you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box. +- If you don't configure this policy setting, users can change the setting for the Allow screen saver during playback check box. @@ -620,7 +620,7 @@ This policy setting allows you to hide the Privacy tab in Windows Media Player. The default privacy settings are used for the options on the Privacy tab unless the user changed the settings previously. -- If you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices. +- If you disable or don't configure this policy setting, the Privacy tab isn't hidden, and users can configure any privacy settings not configured by other polices. @@ -679,7 +679,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player. - If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies. -- If you disable or do not configure this policy setting, users can configure the security settings on the Security tab. +- If you disable or don't configure this policy setting, users can configure the security settings on the Security tab. @@ -736,14 +736,14 @@ This policy setting allows you to hide the Security tab in Windows Media Player. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. -- If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played. +- If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it's played. - Custom: the number of seconds, up to 60, that streaming media is buffered. -- Default: default network buffering is used and the number of seconds that is specified is ignored. +- Default: default network buffering is used and the number of seconds that's specified is ignored. -The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available. +The "Use default buffering" and "Buffer" options on the Performance tab in the Player aren't available. -- If you disable or do not configure this policy setting, users can change the buffering options on the Performance tab. +- If you disable or don't configure this policy setting, users can change the buffering options on the Performance tab. @@ -800,11 +800,11 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P This policy setting allows you to prevent Windows Media Player from downloading codecs. -- If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available. +- If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player isn't available. -- If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not available. +- If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box isn't available. -- If you do not configure this policy setting, users can change the setting for the Download codecs automatically check box. +- If you don't configure this policy setting, users can change the setting for the Download codecs automatically check box. @@ -861,9 +861,9 @@ This policy setting allows you to prevent Windows Media Player from downloading This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. -- If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available. +- If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player aren't selected and aren't available. -- If you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box. +- If you disable or don't configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box. @@ -922,7 +922,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe - If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature. -- If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off. +- If you disable or don't configure this policy setting, anyone using Windows Media Player can turn media sharing on or off. @@ -979,9 +979,9 @@ This policy setting allows you to prevent media sharing from Windows Media Playe This policy setting allows you to prevent media information for music files from being retrieved from the Internet. -- If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available. +- If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player aren't selected and aren't available. -- If you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box. +- If you disable or don't configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box. @@ -1038,9 +1038,9 @@ This policy setting allows you to prevent media information for music files from This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. -- If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar. +- If you enable this policy setting, the user can't add the shortcut for the Player to the Quick Launch bar. -- If you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar. +- If you disable or don't configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar. @@ -1097,9 +1097,9 @@ This policy setting allows you to prevent a shortcut for the Player from being a This policy setting allows you to prevent radio station presets from being retrieved from the Internet. -- If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed. +- If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured aren't be updated, and presets a user adds aren't be displayed. -- If you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet. +- If you disable or don't configure this policy setting, the Player automatically retrieves radio station presets from the Internet. @@ -1156,9 +1156,9 @@ This policy setting allows you to prevent radio station presets from being retri This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. -- If you enable this policy setting, users cannot add the Player shortcut icon to their desktops. +- If you enable this policy setting, users can't add the Player shortcut icon to their desktops. -- If you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops. +- If you disable or don't configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops. @@ -1217,11 +1217,11 @@ This policy setting allows you to set and lock Windows Media Player in skin mode - If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab. -You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank. +You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin isn't installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank. -A user has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot choose a different skin. +A user has access only to the Player features that are available with the specified skin. Users can't switch the Player to full mode and can't choose a different skin. -- If you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player. +- If you disable or don't configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player. @@ -1278,13 +1278,13 @@ A user has access only to the Player features that are available with the specif This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services. -- If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. +- If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user doesn't specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. -- If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hidden. +- If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator doesn't specify any protocols, the Player can't access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hidden. -- If you do not configure this policy setting, users can select the protocols to use on the Network tab. +- If you don't configure this policy setting, users can select the protocols to use on the Network tab. -- If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server. +- If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab aren't available and the Player can't receive an MMS or RTSP stream from a Windows Media server. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 78cf4e3ebe..462ba24fcb 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. -- If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. +- If you enable this policy setting, the WinRM service doesn't accept Kerberos credentials over the network. -- If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. +- If you disable or don't configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. @@ -100,9 +100,9 @@ This policy setting allows you to manage whether the Windows Remote Management ( This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly. -- If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected. +- If you enable this policy setting, the Windows Remote Management (WinRM) client doesn't use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected. -- If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly. +- If you disable or don't configure this policy setting, the WinRM client uses the Kerberos authentication directly. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 8d59d83fdb..0303ddaecd 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -102,9 +102,9 @@ Enables or disables the automatic download of app updates on PCs running Windows Enables or disables the Store offer to update to the latest version of Windows. -- If you enable this setting, the Store application will not offer updates to the latest version of Windows. +- If you enable this setting, the Store application won't offer updates to the latest version of Windows. -- If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows. +- If you disable or don't configure this setting the Store application will offer updates to the latest version of Windows. @@ -161,9 +161,9 @@ Enables or disables the Store offer to update to the latest version of Windows. Enables or disables the Store offer to update to the latest version of Windows. -- If you enable this setting, the Store application will not offer updates to the latest version of Windows. +- If you enable this setting, the Store application won't offer updates to the latest version of Windows. -- If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows. +- If you disable or don't configure this setting the Store application will offer updates to the latest version of Windows. diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index a6ab24e318..88222e9dd9 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system. -- If you enable this policy setting, the system does not create the named pipe remote shutdown interface. +- If you enable this policy setting, the system doesn't create the named pipe remote shutdown interface. -- If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface. +- If you disable or don't configure this policy setting, the system creates the named pipe remote shutdown interface. @@ -102,7 +102,7 @@ This policy setting controls the use of fast startup. - If you enable this policy setting, the system requires hibernate to be enabled. -- If you disable or do not configure this policy setting, the local setting is used. +- If you disable or don't configure this policy setting, the local setting is used. @@ -161,7 +161,7 @@ This policy setting configures the number of minutes the system waits for the hu - If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified. -- If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers. +- If you disable or don't configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index abd05901dc..6d8729d3a0 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -45,9 +45,9 @@ The Explorer program (%windir%\explorer.exe) creates the familiar Windows interf - If you enable this setting, the system starts the interface you specify instead of Explorer.exe. -To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file. +To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file isn't located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file. -- If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer interface. +- If you disable this setting or don't configure it, the setting is ignored and the system displays the Explorer interface. > [!TIP] > To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path. @@ -108,9 +108,9 @@ This policy setting controls whether or not the system displays information abou For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop. -For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level. +For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows couldn't retrieve the information and the user won't be able to log on. Therefore, you shouldn't enable this policy setting if the domain isn't at the Windows Server 2008 domain functional level. -If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed. +If you disable or don't configure this setting, messages about the previous logon or logon failures aren't displayed. @@ -165,11 +165,11 @@ If you disable or do not configure this setting, messages about the previous log -This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire. +This policy controls whether the logged-on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire. -- If you enable this setting, warnings are not displayed to the user before the logon hours expire. +- If you enable this setting, warnings aren't displayed to the user before the logon hours expire. -- If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire. +- If you disable or don't configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire. > [!NOTE] > If you configure this setting, you might want to examine and appropriately configure the "Set action to take when logon hours expire" setting. If "Set action to take when logon hours expire" is disabled or not configured, the "Remove logon hours expiration warnings" setting will have no effect, and users receive no warnings about logon hour expiration. @@ -227,15 +227,15 @@ This policy controls whether the logged on user should be notified when his logo -This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely. +This policy controls which action will be taken when the logon hours expire for the logged-on user. The actions include lock the workstation, disconnect the user, or log the user off completely. -If you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours. +If you choose to lock or disconnect a session, the user can't unlock the session or reconnect except during permitted logon hours. -If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data. +If you choose to log off a user, the user can't log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data. - If you enable this setting, the system will perform the action you specify when the user's logon hours expire. -- If you disable or do not configure this setting, the system takes no action when the user's logon hours expire. The user can continue the existing session, but cannot log on to a new session. +- If you disable or don't configure this setting, the system takes no action when the user's logon hours expire. The user can continue the existing session, but can't log on to a new session. > [!NOTE] > If you configure this setting, you might want to examine and appropriately configure the "Remove logon hours expiration warnings" setting. @@ -296,7 +296,7 @@ If you choose to log off a user, the user cannot log on again except during perm -This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information. +This policy controls whether the logged-on user should be notified if the logon server couldn't be contacted during logon and he has been logged-on using previously stored account information. If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials. @@ -359,12 +359,12 @@ This policy setting controls whether or not software can simulate the Secure Att - If you enable this policy setting, you have one of four options: -If you set this policy setting to "None," user mode software cannot simulate the SAS. +If you set this policy setting to "None," user mode software can't simulate the SAS. If you set this policy setting to "Services," services can simulate the SAS. If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS. If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS. -- If you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS. +- If you disable or don't configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS. diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index 05370d3487..84f8a86271 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely. -- If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically terminated during shutdown. +- If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown won't be automatically terminated during shutdown. -- If you disable or do not configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly. +- If you disable or don't configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly. diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 78e7ae4623..51b01f6e05 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -45,11 +45,11 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. -- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. +- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis. -- If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. +- If this policy setting is disabled or isn't configured, the cost of Wireless LAN connections is Unrestricted by default. @@ -107,7 +107,7 @@ This policy applies to Wireless Display connections. This policy means that the Conversely it means that Push Button is NOT allowed. -- If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred). +- If this policy setting is disabled or isn't configured, by default Push Button pairing is allowed (but not necessarily preferred). @@ -166,7 +166,7 @@ This policy applies to Wireless Display connections. This policy changes the pre When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method. -- If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies). +- If this policy setting is disabled or isn't configured, by default Push Button pairing is preferred (if allowed by other policies). diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 2eda61fdfb..4b7838b695 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. -- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. +- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up. -- If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. +- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. @@ -169,9 +169,9 @@ The "On-demand file access preference" option controls whether to enable on-dema - If you enable this policy setting, on-demand file access is enabled. - If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user's files is required on each of their PCs. -If you specify User choice or do not configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. +If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. -The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. +The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index d25946b8cb..e9f61c9ac5 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -41,11 +41,11 @@ ms.topic: reference This policy setting blocks voice and video calls during Quiet Hours. -- If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings. +- If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users won't be able to customize any other Quiet Hours settings. -- If you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings. +- If you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users won't be able to customize this or any other Quiet Hours settings. -- If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Adminstrators and users will be able to modify this setting. +- If you don't configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Adminstrators and users will be able to modify this setting. @@ -102,9 +102,9 @@ This policy setting blocks voice and video calls during Quiet Hours. This policy setting turns off toast notifications on the lock screen. -- If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. +- If you enable this policy setting, applications won't be able to raise toast notifications on the lock screen. -- If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user. +- If you disable or don't configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. @@ -163,11 +163,11 @@ No reboots or service restarts are required for this policy setting to take effe This policy setting turns off Quiet Hours functionality. -- If you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day. +- If you enable this policy setting, toast notifications won't be suppressed and some background tasks won't be deferred during the designated Quiet Hours time window each day. -- If you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any other Quiet Hours settings. +- If you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users won't be able to change this or any other Quiet Hours settings. -- If you do not configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user. +- If you don't configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user. @@ -228,13 +228,13 @@ This policy setting turns off Quiet Hours functionality. This policy setting turns off toast notifications for applications. -- If you enable this policy setting, applications will not be able to raise toast notifications. +- If you enable this policy setting, applications won't be able to raise toast notifications. -Note that this policy does not affect taskbar notification balloons. +Note that this policy doesn't affect taskbar notification balloons. -Note that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. +Note that Windows system features aren't affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. -- If you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. +- If you disable or don't configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. @@ -293,11 +293,11 @@ No reboots or service restarts are required for this policy setting to take effe This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day. -- If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings. +- If you enable this policy setting, the specified time will be used, and users won't be able to customize any Quiet Hours settings. -- If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting. +- If you disable this policy setting, a default value will be used, and users won't be able to change it or any other Quiet Hours setting. -- If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify. +- If you don't configure this policy setting, a default value will be used, which administrators and users will be able to modify. @@ -353,11 +353,11 @@ This policy setting specifies the number of minutes after midnight (local time) This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day. -- If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings. +- If you enable this policy setting, the specified time will be used, and users won't be able to customize any Quiet Hours settings. -- If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting. +- If you disable this policy setting, a default value will be used, and users won't be able to change it or any other Quiet Hours setting. -- If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify. +- If you don't configure this policy setting, a default value will be used, which administrators and users will be able to modify. diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 7153de8aea..90a0ae5825 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -46,7 +46,7 @@ For more information, refer to the DISM documentation on TechNet. If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time. -If the group policy is not configured, disabled, or the client machine is not domain-joined, no default associations will be applied at logon time. +If the group policy isn't configured, disabled, or the client machine isn't domain-joined, no default associations will be applied at logon time. If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations. @@ -158,7 +158,7 @@ Enabling this policy setting enables web-to-app linking so that apps can be laun Disabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app. -If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 7f9fdcb85f..a360d0d4bc 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -41,7 +41,7 @@ This policy setting allows you to manage the installation of trusted line-of-bus - If you enable this policy setting, you can install any LOB or developer-signed Windows Store app (which must be signed with a certificate chain that can be successfully validated by the local computer). -- If you disable or do not configure this policy setting, you cannot install LOB or developer-signed Windows Store apps. +- If you disable or don't configure this policy setting, you can't install LOB or developer-signed Windows Store apps. @@ -173,9 +173,9 @@ This policy setting controls whether the system can archive infrequently used ap - If you enable this policy setting, then the system will periodically check for and archive infrequently used apps. -- If you disable this policy setting, then the system will not archive any apps. +- If you disable this policy setting, then the system won't archive any apps. -- If you do not configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves. +- If you don't configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves. @@ -243,7 +243,7 @@ Allows or denies development of Microsoft Store applications and installing them - If you enable this setting and enable the "Allow all trusted apps to install" Group Policy, you can develop Microsoft Store apps and install them directly from an IDE. -- If you disable or do not configure this setting, you cannot develop Microsoft Store apps or install them directly from an IDE. +- If you disable or don't configure this setting, you can't develop Microsoft Store apps or install them directly from an IDE. @@ -309,7 +309,7 @@ Allows or denies development of Microsoft Store applications and installing them Windows Game Recording and Broadcasting. -This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed. +This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording won't be allowed. If the setting is enabled or not configured, then Recording and Broadcasting (streaming) will be allowed. @@ -540,7 +540,7 @@ Manages non-Administrator users' ability to install Windows app packages. - If you enable this policy, non-Administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Microsoft Store, if permitted by other policies. -- If you disable or do not configure this policy, all users will be able to initiate installation of Windows app packages. +- If you disable or don't configure this policy, all users will be able to initiate installation of Windows app packages. @@ -563,7 +563,7 @@ Manages non-Administrator users' ability to install Windows app packages. | Value | Description | |:--|:--| | 0 (Default) | Disabled. All users will be able to initiate installation of Windows app packages. | -| 1 | Enabled. Non-administrator users will not be able to initiate installation of Windows app packages. | +| 1 | Enabled. Non-administrator users won't be able to initiate installation of Windows app packages. | @@ -603,7 +603,7 @@ Manages non-Administrator users' ability to install Windows app packages. -Disable turns off the launch of all apps from the Microsoft Store that came pre-installed or were downloaded. Apps will not be updated. Your Store will also be disabled. Enable turns all of it back on. This setting applies only to Enterprise and Education editions of Windows. +Disable turns off the launch of all apps from the Microsoft Store that came pre-installed or were downloaded. Apps won't be updated. Your Store will also be disabled. Enable turns all of it back on. This setting applies only to Enterprise and Education editions of Windows. @@ -723,7 +723,7 @@ This policy setting permits users to change installation options that typically - If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation. -- If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. +- If you disable or don't configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user. @@ -798,13 +798,13 @@ This policy setting directs Windows Installer to use elevated permissions when i - If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers. -- If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer. +- If you disable or don't configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator doesn't distribute or offer. > [!NOTE] > This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. > [!CAUTION] -> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure. +> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting isn't guaranteed to be secure. @@ -873,7 +873,7 @@ This policy setting directs Windows Installer to use elevated permissions when i Denies access to the retail catalog in the Microsoft Store, but displays the private store. -- If you enable this setting, users will not be able to view the retail catalog in the Microsoft Store, but they will be able to view apps in the private store. +- If you enable this setting, users won't be able to view the retail catalog in the Microsoft Store, but they will be able to view apps in the private store. - If you disable or don't configure this setting, users can access the retail catalog in the Microsoft Store. @@ -942,7 +942,7 @@ Prevent users' app data from moving to another location when an app is moved or - If you enable this setting, all users' app data will stay on the system volume, regardless of where the app is installed. -- If you disable or do not configure this setting, then when an app is moved to a different volume, the users' app data will also move to this volume. +- If you disable or don't configure this setting, then when an app is moved to a different volume, the users' app data will also move to this volume. @@ -1007,9 +1007,9 @@ Prevent users' app data from moving to another location when an app is moved or This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB drives, or SD cards. -- If you enable this setting, you can't move or install Windows apps on volumes that are not the system volume. +- If you enable this setting, you can't move or install Windows apps on volumes that aren't the system volume. -- If you disable or do not configure this setting, you can move or install Windows apps on other volumes. +- If you disable or don't configure this setting, you can move or install Windows apps on other volumes. diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index b95821fb82..cc82ff6965 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -43,7 +43,7 @@ This policy setting lets you control whether Microsoft accounts are optional for - If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead. -- If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account. +- If you disable or don't configure this policy setting, users will need to sign in with a Microsoft account. diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 789e490c75..273303fe89 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -322,9 +322,9 @@ Delay reporting for the random minutes: The maximum minutes of random delay on t Repeat reporting for every (days): The periodical interval in days for sending the reporting data. -Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again. +Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit's reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and won't be logged again until after the cache has been successfully cleared on transmission and the log has filled up again. -Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. +Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that's less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these won't factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. @@ -379,7 +379,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t -Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. +Specifies the file paths relative to %userprofile% that don't roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. @@ -433,7 +433,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' -Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. +Specifies the registry paths that don't roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. @@ -596,7 +596,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package -Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. +Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. @@ -650,7 +650,7 @@ Specifies the location where symbolic links are created to the current version o -Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. +Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. @@ -1498,7 +1498,7 @@ Specifies that streamed package contents will be not be saved to the local hard -If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache. +If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support isn't desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache. diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 773aa14a81..0a4a89d068 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -39,13 +39,13 @@ ms.topic: reference -This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. +This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows can't make proper risk assessments. -- If you enable this policy setting, Windows does not mark file attachments with their zone information. +- If you enable this policy setting, Windows doesn't mark file attachments with their zone information. - If you disable this policy setting, Windows marks file attachments with their zone information. -- If you do not configure this policy setting, Windows marks file attachments with their zone information. +- If you don't configure this policy setting, Windows marks file attachments with their zone information. @@ -106,7 +106,7 @@ This policy setting allows you to manage whether users can manually remove the z - If you disable this policy setting, Windows shows the check box and Unblock button. -- If you do not configure this policy setting, Windows hides the check box and Unblock button. +- If you don't configure this policy setting, Windows hides the check box and Unblock button. @@ -165,9 +165,9 @@ This policy setting allows you to manage the behavior for notifying registered a - If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. -- If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. +- If you disable this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened. -- If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. +- If you don't configure this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened. diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index d191218a9b..07697f66e8 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -37,7 +37,7 @@ ms.topic: reference -This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. +This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that's authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. @@ -100,7 +100,7 @@ Volume: High on domain controllers. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. - If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests. -- If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. +- If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. @@ -163,7 +163,7 @@ Volume: High on Kerberos Key Distribution Center servers. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. - If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests. -- If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account. +- If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account. @@ -224,7 +224,7 @@ Volume: Low. -This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. Currently, there are no events in this subcategory. +This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that aren't credential validation or Kerberos tickets. Currently, there are no events in this subcategory. @@ -284,7 +284,7 @@ This policy setting allows you to audit events generated by responses to credent -This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts. Logon events are essential for understanding user activity and to detect potential attacks. +This policy setting allows you to audit events generated by a failed attempt to log on to an account that's locked out. If you configure this policy setting, an audit event is generated when an account can't log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts. Logon events are essential for understanding user activity and to detect potential attacks. @@ -345,7 +345,7 @@ Volume: Low. -This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event. +This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged-on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event. @@ -408,7 +408,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. - If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation. +- If you don't configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation. @@ -471,7 +471,7 @@ Volume: High. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. - If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation. +- If you don't configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation. @@ -534,7 +534,7 @@ Volume: High. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. - If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. +- If you don't configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. @@ -595,9 +595,9 @@ Volume: High. -This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. +This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged-on to. - If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions. -- If you do not configure this policy setting, no audit event is generated when a logon session is closed. +- If you don't configure this policy setting, no audit event is generated when a logon session is closed. @@ -658,7 +658,7 @@ Volume: Low. -This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included: Successful logon attempts. Failed logon attempts. Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command. Security identifiers (SIDs) were filtered and not allowed to log on. +This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged-on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included: Successful logon attempts. Failed logon attempts. Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command. Security identifiers (SIDs) were filtered and not allowed to log on. @@ -721,7 +721,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. - If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts. -- If you do not configure this policy settings, IAS and NAP user access requests are not audited. +- If you don't configure this policy settings, IAS and NAP user access requests aren't audited. @@ -782,7 +782,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers. -This policy setting allows you to audit other logon/logoff-related events that are not covered in the "Logon/Logoff" policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking a screen saver. Dismissal of a screen saver. Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration. Access to a wireless network granted to a user or computer account. Access to a wired 802.1x network granted to a user or computer account. +This policy setting allows you to audit other logon/logoff-related events that aren't covered in the "Logon/Logoff" policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking a screen saver. Dismissal of a screen saver. Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration. Access to a wireless network granted to a user or computer account. Access to a wired 802.1x network granted to a user or computer account. @@ -843,7 +843,7 @@ Volume: Low. -This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). +This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged-on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). @@ -904,7 +904,7 @@ Volume: Low. -This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event. +This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged-on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information can't fit in a single security audit event. @@ -967,7 +967,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by changes to application groups such as the following: Application group is created, changed, or deleted. Member is added or removed from an application group. - If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an application group changes. +- If you don't configure this policy setting, no audit event is generated when an application group changes. @@ -1030,7 +1030,7 @@ Volume: Low. This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. - If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a computer account changes. +- If you don't configure this policy setting, no audit event is generated when a computer account changes. @@ -1093,7 +1093,7 @@ Volume: Low. This policy setting allows you to audit events generated by changes to distribution groups such as the following: Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. - If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a distribution group changes. +- If you don't configure this policy setting, no audit event is generated when a distribution group changes. > [!NOTE] > Events in this subcategory are logged only on domain controllers. @@ -1157,7 +1157,7 @@ Volume: Low. -This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack. Changes to the Default Domain Group Policy under the following Group Policy paths: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy. +This policy setting allows you to audit events generated by other user account changes that aren't covered in this category, such as the following: The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack. Changes to the Default Domain Group Policy under the following Group Policy paths: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy. @@ -1220,7 +1220,7 @@ Volume: Low. This policy setting allows you to audit events generated by changes to security groups such as the following: Security group is created, changed, or deleted. Member is added or removed from a security group. Group type is changed. - If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a security group changes. +- If you don't configure this policy setting, no audit event is generated when a security group changes. @@ -1283,7 +1283,7 @@ Volume: Low. This policy setting allows you to audit changes to user accounts. Events include the following: A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. A user account's password is set or changed. A security identifier (SID) is added to the SID History of a user account. The Directory Services Restore Mode password is configured. Permissions on administrative user accounts are changed. Credential Manager credentials are backed up or restored. - If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a user account changes. +- If you don't configure this policy setting, no audit event is generated when a user account changes. @@ -1346,7 +1346,7 @@ Volume: Low. This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). - If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests. -- If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. +- If you don't configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. @@ -1409,7 +1409,7 @@ Volume: Low. This policy setting allows you to audit when plug and play detects an external device. - If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category. -- If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. +- If you don't configure this policy setting, no audit event is generated when an external device is detected by plug and play. @@ -1472,7 +1472,7 @@ Volume: Low. This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. - If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a process is created. +- If you don't configure this policy setting, no audit event is generated when a process is created. @@ -1535,7 +1535,7 @@ Volume: Depends on how the computer is used. This policy setting allows you to audit events generated when a process ends. - If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a process ends. +- If you don't configure this policy setting, no audit event is generated when a process ends. @@ -1598,7 +1598,7 @@ Volume: Depends on how the computer is used. This policy setting allows you to audit inbound remote procedure call (RPC) connections. - If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted. +- If you don't configure this policy setting, no audit event is generated when a remote RPC connection is attempted. @@ -1845,9 +1845,9 @@ Volume: High on domain controllers. None on client computers. This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged. > [!NOTE] -> Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. +> Actions on some objects and properties don't cause audit events to be generated due to settings on the object class in the schema. - If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded. -- If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made. +- If you don't configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made. @@ -1910,7 +1910,7 @@ Volume: High on domain controllers only. This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. - If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication. -- If you do not configure this policy setting, no audit event is generated during AD DS replication. +- If you don't configure this policy setting, no audit event is generated during AD DS replication. @@ -2032,7 +2032,7 @@ Volume: Depends on the applications that are generating them. -This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object. If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows: 1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access. 2) Failure audits when configured records access attempts when: a) The current central access policy does not grant access but the proposed policy grants access. b) A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy. Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy. +This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object. If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows: 1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access. 2) Failure audits when configured records access attempts when: a) The current central access policy doesn't grant access but the proposed policy grants access. b) A principal requests the maximum access rights they're allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy. Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy. @@ -2291,7 +2291,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see< https://go.microsoft.com/fwlink/?LinkId=122083>. - If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL. +- If you don't configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL. > [!NOTE] > You can set a SACL on a file system object using the Security tab in that object's Properties dialog box. @@ -2357,7 +2357,7 @@ Volume: Depends on how the file system SACLs are configured. This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: The Windows Firewall Service blocks an application from accepting incoming connections on the network. The WFP allows a connection. The WFP blocks a connection. The WFP permits a bind to a local port. The WFP blocks a bind to a local port. The WFP allows a connection. The WFP blocks a connection. The WFP permits an application or service to listen on a port for incoming connections. The WFP blocks an application or service to listen on a port for incoming connections. - If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked. -- If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP. +- If you don't configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP. @@ -2481,10 +2481,10 @@ Volume: High. This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. - If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a handle is manipulated. +- If you don't configure this policy setting, no audit event is generated when a handle is manipulated. > [!NOTE] -> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated. +> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access isn't enabled, handle manipulation security audit events won't be generated. @@ -2672,7 +2672,7 @@ Volume: Low. This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. - If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. +- If you don't configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. > [!NOTE] > You can set a SACL on a registry object using the Permissions dialog box. @@ -2738,7 +2738,7 @@ Volume: Depends on how registry SACLs are configured. This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. - If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage. +- If you don't configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage. @@ -2798,9 +2798,9 @@ This policy setting allows you to audit user attempts to access file system obje -This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following: SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. +This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following: SAM_ALIAS -- A local group. SAM_GROUP -- A group that isn't a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. - If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. +- If you don't configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. > [!NOTE] > Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume: High on domain controllers. @@ -2866,10 +2866,10 @@ Volume: High on domain controllers. For more information about reducing the numb This policy setting allows you to audit events generated by changes to the authentication policy such as the following: Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group: Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. - If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed. +- If you don't configure this policy setting, no audit event is generated when the authentication policy is changed. > [!NOTE] -> The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified. +> The security audit event is logged when the group policy is applied. It doesn't occur at the time when the settings are modified. @@ -2930,9 +2930,9 @@ Volume: Low. -This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the "Authentication Policy Change" subcategory. Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the "Authentication Policy Change" subcategory. Changes in the Encrypted File System (EFS) policy. Changes to the Resource attributes of an object. Changes to the Central Access Policy (CAP) applied to an object. +This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Removal of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Changes in the Encrypted File System (EFS) policy. Changes to the Resource attributes of an object. Changes to the Central Access Policy (CAP) applied to an object. - If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when the authorization policy changes. +- If you don't configure this policy setting, no audit event is generated when the authorization policy changes. @@ -2995,7 +2995,7 @@ Volume: Low. This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: IPsec services status. Changes to IPsec policy settings. Changes to Windows Firewall policy settings. Changes to WFP providers and engine. - If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP. +- If you don't configure this policy setting, no audit event is generated when a change occurs to the WFP. @@ -3058,7 +3058,7 @@ Volume: Low. This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows Firewall rules. Changes to Windows Firewall exception list. Changes to Windows Firewall settings. Rules ignored or not applied by Windows Firewall Service. Changes to Windows Firewall Group Policy settings. - If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC. +- If you don't configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC. @@ -3119,7 +3119,7 @@ Volume: Low. -This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operations. Cryptographic context operations or modifications. Applied Central Access Policies (CAPs) changes. Boot Configuration Data (BCD) modifications. +This policy setting allows you to audit events generated by other security policy changes that aren't audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operations. Cryptographic context operations or modifications. Applied Central Access Policies (CAPs) changes. Boot Configuration Data (BCD) modifications. @@ -3247,7 +3247,7 @@ Volume: Low. This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. Adjust memory quotas for a process. Allow log on locally. Allow log on through Terminal Services. Bypass traverse checking. Change the system time. Create a pagefile. Create global objects. Create permanent shared objects. Create symbolic links. Deny access this computer from the network. Deny log on as a batch job. Deny log on as a service. Deny log on locally. Deny log on through Terminal Services. Force shutdown from a remote system. Increase a process working set. Increase scheduling priority. Lock pages in memory. Log on as a batch job. Log on as a service. Modify an object label. Perform volume maintenance tasks. Profile single process. Profile system performance. Remove computer from docking station. Shut down the system. Synchronize directory service data. - If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls. -- If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called. +- If you don't configure this policy setting, no audit event is generated when a non-sensitive privilege is called. @@ -3370,7 +3370,7 @@ Not used. This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: A privileged service is called. One of the following privileges are called: Act as part of the operating system. Back up files and directories. Create a token object. Debug programs. Enable computer and user accounts to be trusted for delegation. Generate security audits. Impersonate a client after authentication. Load and unload device drivers. Manage auditing and security log. Modify firmware environment values. Replace a process-level token. Restore files and directories. Take ownership of files or other objects. - If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests. -- If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made. +- If you don't configure this policy setting, no audit event is generated when sensitive privilege requests are made. @@ -3431,9 +3431,9 @@ Volume: High. -This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped due to being in plaintext. Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated. Inability to process IPsec filters. +This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped due to being in plaintext. Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card isn't working correctly or the driver needs to be updated. Inability to process IPsec filters. - If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation. +- If you don't configure this policy setting, no audit event is generated on an IPSec filter driver operation. @@ -3616,9 +3616,9 @@ Volume: Low. -This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. +This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It's used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. - If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. +- If you don't configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. @@ -3679,7 +3679,7 @@ Volume: Low. Security system extension events are generated more often on a doma -This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that could not be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. The detection of a Remote Procedure Call (RPC) that compromises system integrity. The detection of a hash value of an executable file that is not valid as determined by Code Integrity. Cryptographic operations that compromise system integrity. +This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that couldn't be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that isn't valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. The detection of a Remote Procedure Call (RPC) that compromises system integrity. The detection of a hash value of an executable file that isn't valid as determined by Code Integrity. Cryptographic operations that compromise system integrity. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index e09370032f..f89819c7ab 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -190,9 +190,9 @@ Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restrict This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello. -- If you enable or do not configure this policy setting, users can authenticate to Windows Hello using a companion device. +- If you enable or don't configure this policy setting, users can authenticate to Windows Hello using a companion device. -- If you disable this policy, users cannot use a companion device to authenticate with Windows Hello. +- If you disable this policy, users can't use a companion device to authenticate with Windows Hello. @@ -387,7 +387,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex |:--|:--| | 0 (Default) | The feature defaults to the existing SKU and device capabilities. | | 1 | Enabled. Auto-connect new non-admin Azure AD accounts to pre-configured candidate local accounts. | -| 2 | Disabled. Do not auto-connect new non-admin Azure AD accounts to pre-configured local accounts. | +| 2 | Disabled. Don't auto-connect new non-admin Azure AD accounts to pre-configured local accounts. | @@ -437,7 +437,7 @@ Specifies whether connected users on AADJ devices receive a Passwordless experie |:--|:--| | 0 (Default) | The feature defaults to the existing edition and device capabilities. | | 1 | Enabled. The Passwordless experience will be enabled on Windows. | -| 2 | Disabled. The Passwordless experience will not be enabled on Windows. | +| 2 | Disabled. The Passwordless experience won't be enabled on Windows. | @@ -495,7 +495,7 @@ Specifies whether web-based sign-in is allowed for signing in to Windows. |:--|:--| | 0 (Default) | The feature defaults to the existing SKU and device capabilities. | | 1 | Enabled. Web Sign-in will be enabled for signing in to Windows. | -| 2 | Disabled. Web Sign-in will not be enabled for signing in to Windows. | +| 2 | Disabled. Web Sign-in won't be enabled for signing in to Windows. | diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 9489269011..14d67c424b 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -45,9 +45,9 @@ ms.topic: reference This policy setting disallows AutoPlay for MTP devices like cameras or phones. -- If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. +- If you enable this policy setting, AutoPlay isn't allowed for MTP devices like cameras or phones. -- If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. +- If you disable or don't configure this policy setting, AutoPlay is enabled for non-volume devices. @@ -187,9 +187,9 @@ Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, - If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. -This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default. +This policy setting disables Autoplay on additional types of drives. You can't use this setting to enable Autoplay on drives on which it's disabled by default. -- If you disable or do not configure this policy setting, AutoPlay is enabled. +- If you disable or don't configure this policy setting, AutoPlay is enabled. > [!NOTE] > This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 558e3a029e..49e554a641 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -37,16 +37,16 @@ ms.topic: reference -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. -- If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. +- If you disable or don't configure this policy setting, BITS uses all available unused bandwidth. > [!NOTE] -> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. +> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). @@ -103,16 +103,16 @@ Consider using this setting to prevent BITS transfers from competing for network -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. -- If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. +- If you disable or don't configure this policy setting, BITS uses all available unused bandwidth. > [!NOTE] -> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. +> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). @@ -169,16 +169,16 @@ Consider using this setting to prevent BITS transfers from competing for network -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. -- If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. +- If you disable or don't configure this policy setting, BITS uses all available unused bandwidth. > [!NOTE] -> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. +> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). @@ -237,7 +237,7 @@ Consider using this setting to prevent BITS transfers from competing for network This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers. -If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. +If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting doesn't override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: @@ -323,7 +323,7 @@ For example, you can specify that background jobs are by default to transfer onl This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers. -If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. +If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting doesn't override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: @@ -417,7 +417,7 @@ Consider decreasing this value if you are concerned about orphaned jobs occupyin - If you enable this policy setting, you can configure the inactive job timeout to specified number of days. -- If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout. +- If you disable or don't configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout. diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 8441ab6161..fdfb7dee5d 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -37,7 +37,7 @@ ms.topic: reference -Specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. +Specifies whether the device can send out Bluetooth advertisements. If this isn't set or it's deleted, the default value of 1 (Allow) is used. Most restricted value is 0. @@ -59,7 +59,7 @@ Specifies whether the device can send out Bluetooth advertisements. If this is n | Value | Description | |:--|:--| -| 0 | Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral. | +| 0 | Not allowed. When set to 0, the device won't send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement isn't received by the peripheral. | | 1 (Default) | Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral. | @@ -86,7 +86,7 @@ Specifies whether the device can send out Bluetooth advertisements. If this is n -Specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. +Specifies whether other Bluetooth-enabled devices can discover the device. If this isn't set or it's deleted, the default value of 1 (Allow) is used. Most restricted value is 0. @@ -108,7 +108,7 @@ Specifies whether other Bluetooth-enabled devices can discover the device. If th | Value | Description | |:--|:--| -| 0 | Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device. | +| 0 | Not allowed. When set to 0, other devices won't be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you can't see the name of the device. | | 1 (Default) | Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it. | @@ -233,7 +233,7 @@ This policy allows the IT admin to block users on these managed devices from usi -Sets the local Bluetooth device name. If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy is not set or it is deleted, the default local radio name is used. +Sets the local Bluetooth device name. If this is set, the value that it's set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy isn't set or it's deleted, the default local radio name is used. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index e0cc47c40d..ff06ee4287 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -1193,7 +1193,7 @@ With this policy, you can restrict whether printing web content in Microsoft Edg If enabled, printing is allowed. -If disabled, printing is not allowed. +If disabled, printing isn't allowed. @@ -1264,7 +1264,7 @@ Microsoft Edge saves your user's browsing history, which is made up of info abou If enabled or not configured, the browsing history is saved and visible in the History pane. -If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices. +If disabled, the browsing history stops saving and isn't visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, doesn't stop roaming of existing history or history coming from other roamed devices. @@ -1483,7 +1483,7 @@ Sideloading installs and runs unverified extensions in Microsoft Edge. With this If enabled or not configured, sideloading of unverified extensions in Microsoft Edge is allowed. -If disabled, sideloading of unverified extensions in Microsoft Edge is not allowed. Extensions can be installed only through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled, this policy does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, in Group Policy Editor, enable Allows development of Windows Store apps and installing them from an integrated development environment (IDE), which is located at: +If disabled, sideloading of unverified extensions in Microsoft Edge isn't allowed. Extensions can be installed only through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled, this policy doesn't prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, in Group Policy Editor, enable Allows development of Windows Store apps and installing them from an integrated development environment (IDE), which is located at: Computer Configuration > Administrative Templates > Windows Components > App Package Deployment @@ -1514,7 +1514,7 @@ Related policies: | Value | Description | |:--|:--| -| 0 | Prevented/Not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via Powershell. To prevent this, set the ApplicationManagement/AllowDeveloperUnlock policy to 1 (enabled). | +| 0 | Prevented/Not allowed. Disabling doesn't prevent sideloading of extensions using Add-AppxPackage via Powershell. To prevent this, set the ApplicationManagement/AllowDeveloperUnlock policy to 1 (enabled). | | 1 (Default) | Allowed. | @@ -1587,7 +1587,7 @@ This policy setting lets you configure whether to turn on Windows Defender Smart | Value | Description | |:--|:--| -| 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | +| 0 | Turned off. Don't protect users from potential threats and prevent users from turning it on. | | 1 (Default) | Turned on. Protect users from potential threats and prevent users from turning it off. | @@ -1853,7 +1853,7 @@ This policy setting helps you to decide whether to make the Books tab visible, r This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. -- If you enable this policy setting, clearing browsing history on exit is turned on. +- If you enable this policy setting, clearing browsing history on exit's turned on. - If you disable or don't configure this policy setting, it can be turned on and configured by the employee in the Clear browsing data options under Settings. @@ -1938,7 +1938,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo - If you disable this setting, any added search engines are removed from your employee's devices. -- If you don't configure this setting, the search engine list is set to what is specified in App settings. +- If you don't configure this setting, the search engine list is set to what's specified in App settings. @@ -1995,7 +1995,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo -The favorites bar shows your user's links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page. +The favorites bar shows your user's links to sites they've added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page. If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu. @@ -2237,11 +2237,11 @@ You can configure Microsoft Edge to reset to the configured start experience aft If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds. -If you set this policy to 0, Microsoft Edge does not use an idle timer. +If you set this policy to 0, Microsoft Edge doesn't use an idle timer. If disabled or not configured, the default value is 5 minutes. -If you do not configure Microsoft Edge in assigned access, then this policy does not take effect. +If you don't configure Microsoft Edge in assigned access, then this policy doesn't take effect. @@ -2391,7 +2391,7 @@ Related policies: -You can configure Microsoft Edge to send intranet history only, internet history only, or both to Desktop Analytics for enterprise devices with a configured Commercial ID. If disabled or not configured, Microsoft Edge does not send browsing history data to Desktop Analytics. +You can configure Microsoft Edge to send intranet history only, internet history only, or both to Desktop Analytics for enterprise devices with a configured Commercial ID. If disabled or not configured, Microsoft Edge doesn't send browsing history data to Desktop Analytics. Supported versions: Microsoft Edge on Windows 10, version 1809 Default setting: Disabled or not configured (no data collected or sent) @@ -2463,9 +2463,9 @@ Default setting: Disabled or not configured (no data collected or sent) -You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages. To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages. +You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages. To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy isn't locked down allowing users to edit their Start pages. -If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down. +If disabled or not configured, the Start pages configured in the Configure Start Pages policy can't be changed and remain locked down. Supported devices: Domain-joined or MDM-enrolled Related policy: @@ -2761,7 +2761,7 @@ Configure first run URL. -When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages. +When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users aren't allowed to make changes to their Start pages. If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: @@ -2770,7 +2770,7 @@ If enabled, you must include URLs to the pages, separating multiple pages using If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: -If you do not want to send traffic to Microsoft, enable this policy and use the `` value, which honors domain- and non-domain-joined devices, when it is the only configured URL. +If you don't want to send traffic to Microsoft, enable this policy and use the `` value, which honors domain- and non-domain-joined devices, when it's the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. @@ -2983,7 +2983,7 @@ This policy setting lets you decide whether employees can access the about:flags Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors. -If enabled, overriding certificate errors are not allowed. +If enabled, overriding certificate errors aren't allowed. If disabled or not configured, overriding certificate errors are allowed. @@ -3196,7 +3196,7 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. -- If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from continuing to the site. +- If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they're blocked from continuing to the site. - If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site. @@ -3267,7 +3267,7 @@ This policy setting lets you decide whether employees can override the Windows D This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. -- If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from downloading the unverified files. +- If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they're blocked from downloading the unverified files. - If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process. @@ -3477,7 +3477,7 @@ This policy setting lets you decide whether an employee's LocalHost IP address s -This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. +This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees can't modify, sort, move, export or delete these provisioned favorites. - If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index c2ea4b8e02..8de9d8b270 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -39,7 +39,7 @@ ms.topic: reference This policy setting allow the use of Camera devices on the machine. -- If you enable or do not configure this policy setting, Camera devices will be enabled. +- If you enable or don't configure this policy setting, Camera devices will be enabled. - If you disable this property setting, Camera devices will be disabled. diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 61927574aa..33692bd982 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -45,11 +45,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access cellular data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -132,11 +132,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access cellular data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -197,11 +197,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access cellular data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -262,11 +262,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access cellular data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -324,7 +324,7 @@ If an app is open when this Group Policy object is applied on a device, employee This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX. - If this policy setting is enabled, a drop-down list box presenting possible values will be active. Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page. -- If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default. +- If this policy setting is disabled or isn't configured, the link to the per-application cellular access control page is showed by default. diff --git a/windows/client-management/mdm/policy-csp-clouddesktop.md b/windows/client-management/mdm/policy-csp-clouddesktop.md index 55896ea4f2..0eecfa5c99 100644 --- a/windows/client-management/mdm/policy-csp-clouddesktop.md +++ b/windows/client-management/mdm/policy-csp-clouddesktop.md @@ -39,7 +39,7 @@ ms.topic: reference -This policy allows the user to configure the boot to cloud mode. Boot to Cloud mode enables users to seamlessly sign-in to a Cloud PC that is provisioned for them by an IT Admin. For using boot to cloud mode, users need to install and configure a Cloud Provider application (eg: Win365) on their PC and need to have a Cloud PC provisioned to them. For successful use of this policy, OverrideShellProgram policy needs to be configured as well. This policy supports the below options: 1. Not Configured: Machine will not trigger the Cloud PC connection automatically. 2. Enable Boot to Cloud Desktop: Users who have a Cloud PC provisioned will get connected seamlessly to the Cloud PC as they finish sign-in operation. +This policy allows the user to configure the boot to cloud mode. Boot to Cloud mode enables users to seamlessly sign-in to a Cloud PC that's provisioned for them by an IT Admin. For using boot to cloud mode, users need to install and configure a Cloud Provider application (eg: Win365) on their PC and need to have a Cloud PC provisioned to them. For successful use of this policy, OverrideShellProgram policy needs to be configured as well. This policy supports the below options: 1. Not Configured: Machine won't trigger the Cloud PC connection automatically. 2. Enable Boot to Cloud Desktop: Users who have a Cloud PC provisioned will get connected seamlessly to the Cloud PC as they finish sign-in operation. diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 489c25883d..0ba1dc7cfe 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -42,7 +42,7 @@ ms.topic: reference Allows the user to enable Bluetooth or restrict access. > [!NOTE] -> This value is not supported in Windows Phone 8. 1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile. If this is not set or it is deleted, the default value of 2 (Allow) is used. Most restricted value is 0. +> This value isn't supported in Windows Phone 8. 1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile. If this isn't set or it's deleted, the default value of 2 (Allow) is used. Most restricted value is 0. @@ -64,7 +64,7 @@ Allows the user to enable Bluetooth or restrict access. | Value | Description | |:--|:--| -| 0 | Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on. | +| 0 | Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn Bluetooth on. | | 1 | Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. | | 2 (Default) | Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. | @@ -92,7 +92,7 @@ Allows the user to enable Bluetooth or restrict access. -Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +Allows the cellular data channel on the device. Device reboot isn't required to enforce the policy. @@ -114,9 +114,9 @@ Allows the cellular data channel on the device. Device reboot is not required to | Value | Description | |:--|:--| -| 0 | Do not allow the cellular data channel. The user cannot turn it on. This value is not supported in Windows 10, version 1511. | +| 0 | Don't allow the cellular data channel. The user can't turn it on. This value isn't supported in Windows 10, version 1511. | | 1 (Default) | Allow the cellular data channel. The user can turn it off. | -| 2 | Allow the cellular data channel. The user cannot turn it off. | +| 2 | Allow the cellular data channel. The user can't turn it off. | @@ -146,7 +146,7 @@ This policy setting prevents clients from connecting to Mobile Broadband network - If this policy setting is enabled, all automatic and manual connection attempts to roaming provider networks are blocked until the client registers with the home provider network. -- If this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broadband networks. +- If this policy setting isn't configured or is disabled, clients are allowed to connect to roaming provider Mobile Broadband networks. @@ -168,9 +168,9 @@ This policy setting prevents clients from connecting to Mobile Broadband network | Value | Description | |:--|:--| -| 0 | Do not allow cellular data roaming. The user cannot turn it on. This value is not supported in Windows 10, version 1511. | +| 0 | Don't allow cellular data roaming. The user can't turn it on. This value isn't supported in Windows 10, version 1511. | | 1 (Default) | Allow cellular data roaming. | -| 2 | Allow cellular data roaming on. The user cannot turn it off. | +| 2 | Allow cellular data roaming on. The user can't turn it off. | @@ -324,9 +324,9 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t - If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences. -- If you disable this policy setting, the Windows device is not allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and cannot participate in Continue on PC experiences. +- If you disable this policy setting, the Windows device isn't allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and can't participate in Continue on PC experiences. -- If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +- If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -348,7 +348,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t | Value | Description | |:--|:--| -| 0 | Do not link. | +| 0 | Don't link. | | 1 (Default) | Allow phone-PC linking. | @@ -396,7 +396,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li > [!NOTE] -> Currently, this policy is supported only in HoloLens 2, HoloLens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition. Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. Most restricted value is 0. +> Currently, this policy is supported only in HoloLens 2, HoloLens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition. Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy doesn't affect USB charging. Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. Most restricted value is 0. @@ -467,7 +467,7 @@ Specifies what type of underlying connections VPN is allowed to use. Most restri | Value | Description | |:--|:--| -| 0 | VPN is not allowed over cellular. | +| 0 | VPN isn't allowed over cellular. | | 1 (Default) | VPN can use any connection, including cellular. | @@ -548,11 +548,11 @@ This policy setting specifies whether to allow printing over HTTP from this clie Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. > [!NOTE] -> This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP. +> This policy setting affects the client side of Internet printing only. It doesn't prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP. - If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP. -- If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP. +- If you disable or don't configure this policy setting, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers. @@ -614,11 +614,11 @@ This policy setting specifies whether to allow this client to download print dri To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. > [!NOTE] -> This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally. +> This policy setting doesn't prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that aren't already installed locally. -- If you enable this policy setting, print drivers cannot be downloaded over HTTP. +- If you enable this policy setting, print drivers can't be downloaded over HTTP. -- If you disable or do not configure this policy setting, users can download print drivers over HTTP. +- If you disable or don't configure this policy setting, users can download print drivers over HTTP. @@ -677,9 +677,9 @@ This policy setting specifies whether Windows should download a list of provider These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry. -- If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. +- If you enable this policy setting, Windows doesn't download providers, and only the service providers that are cached in the local registry are displayed. -- If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards. +- If you disable or don't configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry. @@ -740,9 +740,9 @@ This policy setting turns off the active tests performed by the Windows Network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address. -- If you enable this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that use NCSI, to determine Internet access. +- If you enable this policy setting, NCSI doesn't run either of the two active tests. This may reduce the ability of NCSI, and of other components that use NCSI, to determine Internet access. -- If you disable or do not configure this policy setting, NCSI runs one of the two active tests. +- If you disable or don't configure this policy setting, NCSI runs one of the two active tests. @@ -865,11 +865,11 @@ For more information, see [MS15-011: Vulnerability in Group Policy could allow r Determines whether a user can install and configure the Network Bridge. > [!IMPORTANT] -> This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. +> This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply. The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder. -If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer. +If you disable this setting or don't configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting doesn't remove an existing Network Bridge from the user's computer. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 15c0389036..6c618bf585 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -37,7 +37,7 @@ ms.topic: reference -If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies. +If set to 1 then any MDM policy that's set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies. diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index f7601e1216..6d56c65fbe 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -164,7 +164,7 @@ Note that the user's domain password will be cached in the system vault when usi -Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the Autopilot Reset is triggered the devices are for ready for use by information workers or students. +Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the Autopilot Reset is triggered the devices are for ready for use by information workers or students. diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 4403faa777..2f2df60c50 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -45,7 +45,7 @@ When using credential delegation, devices provide an exportable version of crede - If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. -- If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host. +- If you disable or don't configure this policy setting, Restricted Administration and Remote Credential Guard mode aren't supported. User will always need to pass their credentials to the host. diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 15f980bcd2..5cc00c3b0a 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -45,9 +45,9 @@ ms.topic: reference This policy setting allows you to configure the display of the password reveal button in password entry user experiences. -- If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. +- If you enable this policy setting, the password reveal button won't be displayed after a user types a password in the password entry text box. -- If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box. +- If you disable or don't configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box. By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button. @@ -106,7 +106,7 @@ The policy applies to all Windows components and applications that use the Windo -This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. +This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts aren't displayed when the user attempts to elevate a running application. - If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 2bed9781c9..eacbfd0997 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -86,10 +86,10 @@ This policy setting allows you to block direct memory access (DMA) for all hot p -Important. This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. Setting used by Windows 8. 1 Selective Wipe. +Important. This policy may change in a future release. It may be used for testing purposes, but shouldn't be used in a production environment at this time. Setting used by Windows 8. 1 Selective Wipe. > [!NOTE] -> This policy is not recommended for use in Windows 10. +> This policy isn't recommended for use in Windows 10. diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 55963b49c3..141857534d 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -45,11 +45,11 @@ This policy setting configures the cost of 3G connections on the local machine. - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. -- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. +- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis. -- If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. +- If this policy setting is disabled or isn't configured, the cost of 3G connections is Fixed by default. @@ -111,11 +111,11 @@ This policy setting configures the cost of 4G connections on the local machine. - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. -- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. +- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis. -- If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. +- If this policy setting is disabled or isn't configured, the cost of 4G connections is Fixed by default. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 86104e0374..58c4d7d6cf 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -39,9 +39,9 @@ ms.topic: reference This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as . ZIP or . CAB files. -- If you enable or do not configure this setting, archive files will be scanned. +- If you enable or don't configure this setting, archive files will be scanned. -- If you disable this setting, archive files will not be scanned. However, archives are always scanned during directed scans. +- If you disable this setting, archive files won't be scanned. However, archives are always scanned during directed scans. @@ -108,7 +108,7 @@ This policy setting allows you to configure scans for malicious software and unw This policy setting allows you to configure behavior monitoring. -- If you enable or do not configure this setting, behavior monitoring will be enabled. +- If you enable or don't configure this setting, behavior monitoring will be enabled. - If you disable this setting, behavior monitoring will be disabled. @@ -177,7 +177,7 @@ This policy setting allows you to configure behavior monitoring. This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. -You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you. +You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you. Possible options are: (0x0) Disabled (default) @@ -190,7 +190,7 @@ Advanced membership, in addition to basic information, will send more informatio - If you enable this setting, you will join Microsoft MAPS with the membership specified. -- If you disable or do not configure this setting, you will not join Microsoft MAPS. +- If you disable or don't configure this setting, you won't join Microsoft MAPS. In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership. @@ -257,11 +257,11 @@ In Windows 10, Basic membership is no longer available, so setting the value to -This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning is not supported on modern email clients. +This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning isn't supported on modern email clients. - If you enable this setting, e-mail scanning will be enabled. -- If you disable or do not configure this setting, e-mail scanning will be disabled. +- If you disable or don't configure this setting, e-mail scanning will be disabled. @@ -328,7 +328,7 @@ This policy setting allows you to configure scanning mapped network drives. - If you enable this setting, mapped network drives will be scanned. -- If you disable or do not configure this setting, mapped network drives will not be scanned. +- If you disable or don't configure this setting, mapped network drives won't be scanned. @@ -395,7 +395,7 @@ This policy setting allows you to manage whether or not to scan for malicious so - If you enable this setting, removable drives will be scanned during any type of scan. -- If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan. +- If you disable or don't configure this setting, removable drives won't be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan. @@ -511,7 +511,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. This policy setting allows you to configure scanning for all downloaded files and attachments. -- If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. +- If you enable or don't configure this setting, scanning for all downloaded files and attachments will be enabled. - If you disable this setting, scanning for all downloaded files and attachments will be disabled. @@ -580,7 +580,7 @@ This policy setting allows you to configure scanning for all downloaded files an This policy setting allows you to configure monitoring for file and program activity. -- If you enable or do not configure this setting, monitoring for file and program activity will be enabled. +- If you enable or don't configure this setting, monitoring for file and program activity will be enabled. - If you disable this setting, monitoring for file and program activity will be disabled. @@ -967,8 +967,8 @@ Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: - Block: the rule will be applied - - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) - - Off: the rule will not be applied + - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) + - Off: the rule won't be applied - Not Configured: the rule is enabled with default values - Warn: the rule will be applied and the end-user will have the option to bypass the block @@ -1058,9 +1058,9 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50. -- If you enable this setting, CPU utilization will not exceed the percentage specified. +- If you enable this setting, CPU utilization won't exceed the percentage specified. -- If you disable or do not configure this setting, CPU utilization will not exceed the default value. +- If you disable or don't configure this setting, CPU utilization won't exceed the default value. @@ -1121,7 +1121,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated - If you enable this setting, a check for new security intelligence will occur before running a scan. -- If you disable this setting or do not configure this setting, the scan will start using the existing security intelligence. +- If you disable this setting or don't configure this setting, the scan will start using the existing security intelligence. @@ -1397,7 +1397,7 @@ Default system folders are automatically guarded, but you can add folders in the Specify additional folders that should be guarded by the Controlled folder access feature. -Files in these folders cannot be modified or deleted by untrusted applications. +Files in these folders can't be modified or deleted by untrusted applications. Default system folders are automatically protected. You can configure this setting to add additional folders. The list of default system folders that are protected is shown in Windows Security. @@ -1471,7 +1471,7 @@ This policy setting defines the number of days items should be kept in the Quara - If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. -- If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed. +- If you disable or don't configure this setting, items will be kept in the quarantine folder indefinitely and won't be automatically removed. @@ -1526,11 +1526,11 @@ This policy setting defines the number of days items should be kept in the Quara -This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. +This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. - If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -- If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off. +- If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned off. @@ -1592,11 +1592,11 @@ This policy setting allows you to configure catch-up scans for scheduled full sc -This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. +This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. - If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -- If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. +- If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned off. @@ -1676,14 +1676,14 @@ The following will be blocked: The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. Disabled: -The following will not be blocked and will be allowed to run: +The following won't be blocked and will be allowed to run: - Attempts by untrusted apps to modify or delete files in protected folders - Attempts by untrusted apps to write to disk sectors -These attempts will not be recorded in the Windows event log. +These attempts won't be recorded in the Windows event log. Audit Mode: -The following will not be blocked and will be allowed to run: +The following won't be blocked and will be allowed to run: - Attempts by untrusted apps to modify or delete files in protected folders - Attempts by untrusted apps to write to disk sectors @@ -1695,18 +1695,18 @@ The following will be blocked: - Attempts by untrusted apps to write to disk sectors The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. -The following will not be blocked and will be allowed to run: +The following won't be blocked and will be allowed to run: - Attempts by untrusted apps to modify or delete files in protected folders -These attempts will not be recorded in the Windows event log. +These attempts won't be recorded in the Windows event log. Audit disk modification only: -The following will not be blocked and will be allowed to run: +The following won't be blocked and will be allowed to run: - Attempts by untrusted apps to write to disk sectors - Attempts by untrusted apps to modify or delete files in protected folders Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). -Attempts to modify or delete files in protected folders will not be recorded. +Attempts to modify or delete files in protected folders won't be recorded. Not configured: Same as Disabled. @@ -1777,7 +1777,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul - If you enable this setting, low CPU priority will be used during scheduled scans. -- If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans. +- If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. @@ -1844,11 +1844,11 @@ Enable or disable Microsoft Defender Exploit Guard network protection to prevent Enabled: Specify the mode in the Options section: --Block: Users and applications will not be able to access dangerous domains --Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. +-Block: Users and applications won't be able to access dangerous domains +-Audit Mode: Users and applications can connect to dangerous domains, however if this feature would've blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: -Users and applications will not be blocked from connecting to dangerous domains. +Users and applications won't be blocked from connecting to dangerous domains. Not configured: Same as Disabled. @@ -2029,7 +2029,7 @@ Allows an administrator to specify a list of directory paths to ignore during a Allows an administrator to specify a list of files opened by processes to ignore during a scan. > [!IMPORTANT] -> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example. exe|C:\Example1.exe. +> The process itself isn't excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example. exe|C:\Example1.exe. @@ -2091,10 +2091,10 @@ Enabled: Specify the mode in the Options section: -Block: Potentially unwanted software will be blocked. --Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. +-Audit Mode: Potentially unwanted software won't be blocked, however if this feature would've blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: -Potentially unwanted software will not be blocked. +Potentially unwanted software won't be blocked. Not configured: Same as Disabled. @@ -2119,9 +2119,9 @@ Same as Disabled. | Value | Description | |:--|:--| -| 0 (Default) | PUA Protection off. Windows Defender will not protect against potentially unwanted applications. | +| 0 (Default) | PUA Protection off. Windows Defender won't protect against potentially unwanted applications. | | 1 | PUA Protection on. Detected items are blocked. They will show in history along with other threats. | -| 2 | Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. | +| 2 | Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would've taken action against by searching for events created by Windows Defender in the Event Viewer. | @@ -2160,7 +2160,7 @@ Same as Disabled. -This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. +This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It's recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. @@ -2169,11 +2169,11 @@ The options for this setting are mutually exclusive: 1 = Scan incoming files only 2 = Scan outgoing files only -Any other value, or if the value does not exist, resolves to the default (0). +Any other value, or if the value doesn't exist, resolves to the default (0). - If you enable this setting, the specified type of monitoring will be enabled. -- If you disable or do not configure this setting, monitoring for incoming and outgoing files will be enabled. +- If you disable or don't configure this setting, monitoring for incoming and outgoing files will be enabled. @@ -2243,7 +2243,7 @@ This policy setting allows you to specify the scan type to use during a schedule - If you enable this setting, the scan type will be set to the specified value. -- If you disable or do not configure this setting, the default scan type will be used. +- If you disable or don't configure this setting, the default scan type will be used. @@ -2310,7 +2310,7 @@ This policy setting allows you to specify the time of day at which to perform a - If you enable this setting, a daily quick scan will run at the time of day specified. -- If you disable or do not configure this setting, daily quick scan controlled by this config will not be run. +- If you disable or don't configure this setting, daily quick scan controlled by this config won't be run. @@ -2380,7 +2380,7 @@ This setting can be configured with the following ordinal number values: - If you enable this setting, a scheduled scan will run at the frequency specified. -- If you disable or do not configure this setting, a scheduled scan will run at a default frequency. +- If you disable or don't configure this setting, a scheduled scan will run at a default frequency. @@ -2454,7 +2454,7 @@ This policy setting allows you to specify the time of day at which to perform a - If you enable this setting, a scheduled scan will run at the time of day specified. -- If you disable or do not configure this setting, a scheduled scan will run at a default time. +- If you disable or don't configure this setting, a scheduled scan will run at a default time. @@ -2511,7 +2511,7 @@ This policy setting allows you to specify the time of day at which to perform a This policy setting allows you to define the security intelligence location for VDI-configured computers. -If you disable or do not configure this setting, security intelligence will be referred from the default local source. +If you disable or don't configure this setting, security intelligence will be referred from the default local source. @@ -2568,9 +2568,9 @@ This policy setting allows you to define the order in which different security i For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` -- If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. +- If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted. -- If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order. +- If you disable or don't configure this setting, security intelligence update sources will be contacted in a default order. @@ -2624,11 +2624,11 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` -This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default. +This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "`{\\unc1 | \\unc2 }`". The list is empty by default. -- If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. +- If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted. -- If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted. +- If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted. @@ -2686,7 +2686,7 @@ This policy setting allows you to specify an interval at which to check for secu - If you enable this setting, checks for security intelligence updates will occur at the interval specified. -- If you disable or do not configure this setting, checks for security intelligence updates will occur at the default interval. +- If you disable or don't configure this setting, checks for security intelligence updates will occur at the default interval. @@ -2848,7 +2848,7 @@ Valid remediation action values are: |:--|:--| | Name | Threats_ThreatSeverityDefaultAction | | Friendly Name | Specify threat alert levels at which default action should not be taken when detected | -| Element Name | Specify threat alert levels at which default action should not be taken when detected. | +| Element Name | Specify threat alert levels at which default action shouldn't be taken when detected. | | Location | Computer Configuration | | Path | Windows Components > Microsoft Defender Antivirus > Threats | | Registry Key Name | Software\Policies\Microsoft\Windows Defender\Threats | diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 96df133dc7..85af3b232c 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -229,7 +229,7 @@ Options available are: 2 = DHCP Option 235 Force. -If this policy is not configured, the client will attempt to automatically find a cache server using DNS-SD. If set to 0, the client will not use DNS-SD to automatically find a cache server. If set to 1 or 2, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if configured. +If this policy isn't configured, the client will attempt to automatically find a cache server using DNS-SD. If set to 0, the client won't use DNS-SD to automatically find a cache server. If set to 1 or 2, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if configured. @@ -286,11 +286,11 @@ If this policy is not configured, the client will attempt to automatically find -This policy allows you to delay the use of an HTTP source in a background download that is allowed to use P2P. +This policy allows you to delay the use of an HTTP source in a background download that's allowed to use P2P. -After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. +After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that couldn't be downloaded from Peers. -Note that a download that is waiting for peer sources, will appear to be stuck for the end user. +Note that a download that's waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). @@ -457,11 +457,11 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT -This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use P2P. +This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that's allowed to use P2P. -After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. +After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that couldn't be downloaded from Peers. -Note that a download that is waiting for peer sources, will appear to be stuck for the end user. +Note that a download that's waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 minute (60). @@ -605,8 +605,8 @@ Specifies the download method that Delivery Optimization can use in downloads of | 1 | HTTP blended with peering behind the same NAT. | | 2 | When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2. | | 3 | HTTP blended with Internet peering. | -| 99 | Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607. | -| 100 | Bypass mode. Windows 10: Do not use Delivery Optimization and use BITS instead. Windows 11: Deprecated, use Simple mode instead. | +| 99 | Simple download mode with no peering. Delivery Optimization downloads using HTTP only and doesn't attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607. | +| 100 | Bypass mode. Windows 10: Don't use Delivery Optimization and use BITS instead. Windows 11: Deprecated, use Simple mode instead. | @@ -648,9 +648,9 @@ Specifies the download method that Delivery Optimization can use in downloads of Group ID must be set as a GUID. This Policy specifies an arbitrary group ID that the device belongs to. -Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. +Use this if you need to create a single group for Local Network Peering for branches that are on different domains or aren't on the same LAN. -Note this is a best effort optimization and should not be relied on for an authentication of identity. +Note this is a best effort optimization and shouldn't be relied on for an authentication of identity. @@ -829,7 +829,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means unlimited; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607. The default value is 604800 seconds (7 days). +Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means unlimited; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607. The default value is 604800 seconds (7 days). @@ -1335,7 +1335,7 @@ By default, %SystemDrive% is used to store the cache. The drive location can be -Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. The value 0 (zero) means unlimited; No monthly upload limit is applied if 0 is set. The default value is 5120 (5 TB). +Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. The value 0 (zero) means unlimited; No monthly upload limit's applied if 0 is set. The default value is 5120 (5 TB). diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md index 81d408575b..8167513c1a 100644 --- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md +++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md @@ -41,9 +41,9 @@ ms.topic: reference This policy controls additional sources provided by the enterprise IT administrator. -- If you do not configure this policy, no additional sources will be configured for the [Windows Package Manager](/windows/package-manager/). +- If you don't configure this policy, no additional sources will be configured for the [Windows Package Manager](/windows/package-manager/). -- If you enable this policy, the additional sources will be added to the [Windows Package Manager](/windows/package-manager/) and cannot be removed. The representation for each additional source can be obtained from installed sources using '[winget source export](/windows/package-manager/winget)'. +- If you enable this policy, the additional sources will be added to the [Windows Package Manager](/windows/package-manager/) and can't be removed. The representation for each additional source can be obtained from installed sources using '[winget source export](/windows/package-manager/winget)'. - If you disable this policy, no additional sources can be configured for the [Windows Package Manager](/windows/package-manager/). @@ -102,7 +102,7 @@ This policy controls additional sources provided by the enterprise IT administra This policy controls additional sources allowed by the enterprise IT administrator. -- If you do not configure this policy, users will be able to add or remove additional sources other than those configured by policy. +- If you don't configure this policy, users will be able to add or remove additional sources other than those configured by policy. - If you enable this policy, only the sources specified can be added or removed from the [Windows Package Manager](/windows/package-manager/). The representation for each allowed source can be obtained from installed sources using '[winget source export](/windows/package-manager/winget)'. @@ -163,9 +163,9 @@ This policy controls additional sources allowed by the enterprise IT administrat This policy controls whether the [Windows Package Manager](/windows/package-manager/) can be used by users. -- If you enable or do not configure this setting, users will be able to use the [Windows Package Manager](/windows/package-manager/). +- If you enable or don't configure this setting, users will be able to use the [Windows Package Manager](/windows/package-manager/). -- If you disable this setting, users will not be able to use the [Windows Package Manager](/windows/package-manager/). +- If you disable this setting, users won't be able to use the [Windows Package Manager](/windows/package-manager/). @@ -273,11 +273,11 @@ Users will still be able to execute the *winget* command. The default help will This policy controls the default source included with the [Windows Package Manager](/windows/package-manager/). -- If you do not configure this setting, the default source for the [Windows Package Manager](/windows/package-manager/) will be available and can be removed. +- If you don't configure this setting, the default source for the [Windows Package Manager](/windows/package-manager/) will be available and can be removed. -- If you enable this setting, the default source for the [Windows Package Manager](/windows/package-manager/) will be available and cannot be removed. +- If you enable this setting, the default source for the [Windows Package Manager](/windows/package-manager/) will be available and can't be removed. -- If you disable this setting the default source for the [Windows Package Manager](/windows/package-manager/) will not be available. +- If you disable this setting the default source for the [Windows Package Manager](/windows/package-manager/) won't be available. @@ -334,9 +334,9 @@ This policy controls the default source included with the [Windows Package Manag This policy controls whether users can enable experimental features in the [Windows Package Manager](/windows/package-manager/). -- If you enable or do not configure this setting, users will be able to enable experimental features for the [Windows Package Manager](/windows/package-manager/). +- If you enable or don't configure this setting, users will be able to enable experimental features for the [Windows Package Manager](/windows/package-manager/). -- If you disable this setting, users will not be able to enable experimental features for the [Windows Package Manager](/windows/package-manager/). +- If you disable this setting, users won't be able to enable experimental features for the [Windows Package Manager](/windows/package-manager/). @@ -394,9 +394,9 @@ Experimental features are used during Windows Package Manager development cycle This policy controls whether or not the [Windows Package Manager](/windows/package-manager/) can be configured to enable the ability override the SHA256 security validation in settings. -- If you enable or do not configure this policy, users will be able to enable the ability override the SHA256 security validation in the [Windows Package Manager](/windows/package-manager/) settings. +- If you enable or don't configure this policy, users will be able to enable the ability override the SHA256 security validation in the [Windows Package Manager](/windows/package-manager/) settings. -- If you disable this policy, users will not be able to enable the ability override the SHA256 security validation in the [Windows Package Manager](/windows/package-manager/) settings. +- If you disable this policy, users won't be able to enable the ability override the SHA256 security validation in the [Windows Package Manager](/windows/package-manager/) settings. @@ -503,9 +503,9 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa This policy controls whether users can install packages with local manifest files. -- If you enable or do not configure this setting, users will be able to install packages with local manifests using the [Windows Package Manager](/windows/package-manager/). +- If you enable or don't configure this setting, users will be able to install packages with local manifests using the [Windows Package Manager](/windows/package-manager/). -- If you disable this setting, users will not be able to install packages with local manifests using the [Windows Package Manager](/windows/package-manager/). +- If you disable this setting, users won't be able to install packages with local manifests using the [Windows Package Manager](/windows/package-manager/). @@ -562,11 +562,11 @@ This policy controls whether users can install packages with local manifest file This policy controls the Microsoft Store source included with the [Windows Package Manager](/windows/package-manager/). -- If you do not configure this setting, the Microsoft Store source for the Windows Package manager will be available and can be removed. +- If you don't configure this setting, the Microsoft Store source for the Windows Package manager will be available and can be removed. -- If you enable this setting, the Microsoft Store source for the [Windows Package Manager](/windows/package-manager/) will be available and cannot be removed. +- If you enable this setting, the Microsoft Store source for the [Windows Package Manager](/windows/package-manager/) will be available and can't be removed. -- If you disable this setting the Microsoft Store source for the [Windows Package Manager](/windows/package-manager/) will not be available. +- If you disable this setting the Microsoft Store source for the [Windows Package Manager](/windows/package-manager/) won't be available. @@ -621,11 +621,11 @@ This policy controls the Microsoft Store source included with the [Windows Packa -This policy controls whether users can install packages from a website that is using the ms-appinstaller protocol. +This policy controls whether users can install packages from a website that's using the ms-appinstaller protocol. -- If you enable or do not configure this setting, users will be able to install packages from websites that use this protocol. +- If you enable or don't configure this setting, users will be able to install packages from websites that use this protocol. -- If you disable this setting, users will not be able to install packages from websites that use this protocol. +- If you disable this setting, users won't be able to install packages from websites that use this protocol. @@ -682,9 +682,9 @@ This policy controls whether users can install packages from a website that is u This policy controls whether users can change their settings. -- If you enable or do not configure this setting, users will be able to change settings for the [Windows Package Manager](/windows/package-manager/). +- If you enable or don't configure this setting, users will be able to change settings for the [Windows Package Manager](/windows/package-manager/). -- If you disable this setting, users will not be able to change settings for the [Windows Package Manager](/windows/package-manager/). +- If you disable this setting, users won't be able to change settings for the [Windows Package Manager](/windows/package-manager/). @@ -742,7 +742,7 @@ The settings are stored inside of a .json file on the user’s system. It may be This policy controls the auto update interval for package-based sources. -- If you disable or do not configure this setting, the default interval or the value specified in settings will be used by the [Windows Package Manager](/windows/package-manager/). +- If you disable or don't configure this setting, the default interval or the value specified in settings will be used by the [Windows Package Manager](/windows/package-manager/). - If you enable this setting, the number of minutes specified will be used by the [Windows Package Manager](/windows/package-manager/). diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 259c785fc2..d895e28ed0 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -87,7 +87,7 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev -If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored. +If the device isn't opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored. @@ -128,7 +128,7 @@ This policy is applicable only if the [AllowDeviceHealthMonitoring](#allowdevice -If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which service instance to which events are to be uploaded. +If the device isn't opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which service instance to which events are to be uploaded. @@ -168,7 +168,7 @@ If the device is not opted-in to the DeviceHealthMonitoring service via the Allo -If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded. +If the device isn't opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded. diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 2f8849bd97..1389673315 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -45,16 +45,16 @@ When this policy setting is enabled together with the "Apply layered order of ev - Prevent installation of devices that match these device IDs - Prevent installation of devices that match any of these device instance IDs -If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. +If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] -> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. +> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. +- If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. @@ -146,16 +146,16 @@ This policy setting allows you to specify a list of Plug and Play device instanc When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: - Prevent installation of devices that match any of these device instance IDs -If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. +If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] -> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. +> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. +- If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. @@ -251,16 +251,16 @@ When this policy setting is enabled together with the "Apply layered order of ev - Prevent installation of devices for these device classes - Prevent installation of devices that match these device IDs - Prevent installation of devices that match any of these device instance IDs -If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. +If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] -> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. +> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. +- If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. @@ -381,7 +381,7 @@ Removable devices > [!NOTE] > This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored. -If you disable or do not configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device. +If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device. @@ -473,9 +473,9 @@ You can also change the evaluation order of device installation policy settings This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. -- If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab). +- If you enable this policy setting, Windows doesn't retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab). -- If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet. +- If you disable or don't configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet. @@ -530,14 +530,14 @@ This policy setting allows you to prevent Windows from retrieving device metadat -This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting. +This policy setting allows you to prevent the installation of devices that aren't specifically described by any other policy setting. > [!NOTE] -> This policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting to provide more granular control. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting instead of this policy setting. +> This policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting to provide more granular control. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting instead of this policy setting. -- If you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that is not described by either the "Allow installation of devices that match any of these device IDs", the "Allow installation of devices for these device classes", or the "Allow installation of devices that match any of these device instance IDs" policy setting. +- If you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that isn't described by either the "Allow installation of devices that match any of these device IDs", the "Allow installation of devices for these device classes", or the "Allow installation of devices that match any of these device instance IDs" policy setting. -- If you disable or do not configure this policy setting, Windows is allowed to install or update the driver package for any device that is not described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting. +- If you disable or don't configure this policy setting, Windows is allowed to install or update the driver package for any device that isn't described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting. @@ -638,7 +638,7 @@ This policy setting allows you to specify a list of Plug and Play hardware IDs a - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. +- If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. @@ -739,7 +739,7 @@ This policy setting allows you to specify a list of Plug and Play device instanc - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. +- If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. @@ -853,7 +853,7 @@ This policy setting allows you to specify a list of device setup class globally - If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -- If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. +- If you disable or don't configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index a6e8a48030..c2c0ede75a 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -43,7 +43,7 @@ ms.topic: reference -Account lockout threshold - This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0 Account lockout duration - This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. Reset account lockout counter after - This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. +Account lockout threshold - This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account can't be used until it's reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0 Account lockout duration - This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. Reset account lockout counter after - This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. @@ -348,7 +348,7 @@ Determines the type of PIN or password required. This policy only applies if the Store passwords using reversible encryption -This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information. This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS). +This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information. This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It's also required when using Digest Authentication in Internet Information Services (IIS). @@ -578,7 +578,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O -Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. Value type is a string, which is the full image filepath and filename. +Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users won't be able to change this image. Value type is a string, which is the full image filepath and filename. @@ -658,7 +658,7 @@ Specifies the default lock screen and logon image shown when no user is signed i The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. > [!NOTE] -> This policy must be wrapped in an Atomic command. This policy has different behaviors on the mobile device and desktop. On a mobile device, when the user reaches the value set by this policy, then the device is wiped. On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced. Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key. Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). +> This policy must be wrapped in an Atomic command. This policy has different behaviors on the mobile device and desktop. On a mobile device, when the user reaches the value set by this policy, then the device is wiped. On a desktop, when the user reaches the value set by this policy, it isn't wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker isn't enabled, then the policy can't be enforced. Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key. Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). @@ -703,7 +703,7 @@ The number of authentication failures allowed before the device will be wiped. A This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days. > [!NOTE] -> It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user's password and have access to your network resources. Default: 42. +> It's a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user's password and have access to your network resources. Default: 42. @@ -990,7 +990,7 @@ The following example shows how to set the minimum password length to 4 characte -This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. +This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting doesn't follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user doesn't have to choose a new password. For this reason, Enforce password history is set to 1 by default. @@ -1101,10 +1101,10 @@ Complexity requirements are enforced when passwords are changed or created. Enforce password history -This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused continually. Default: 24 on domain controllers. 0 on stand-alone servers. +This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords aren't reused continually. Default: 24 on domain controllers. 0 on stand-alone servers. > [!NOTE] -> By default, member computers follow the configuration of their domain controllers. To maintain the effectiveness of the password history, do not allow passwords to be changed immediately after they were just changed by also enabling the Minimum password age security policy setting. For information about the minimum password age security policy setting, see Minimum password age. +> By default, member computers follow the configuration of their domain controllers. To maintain the effectiveness of the password history, don't allow passwords to be changed immediately after they were just changed by also enabling the Minimum password age security policy setting. For information about the minimum password age security policy setting, see Minimum password age. @@ -1158,7 +1158,7 @@ Disables the lock screen camera toggle switch in PC Settings and prevents a came By default, users can enable invocation of an available camera on the lock screen. -If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen. +If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera can't be invoked on the lock screen. diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index ea1b11491d..740ba29976 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -37,19 +37,19 @@ ms.topic: reference -Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. +Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. -When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. +When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to log out and back in to Windows. Be aware of the following: Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display. Some desktop applications can still be blurry on secondary displays that have different display scale factors. -Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. +Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. In some cases, you may see some odd behavior in some desktop applications. If that happens, Per Process System DPI should be disabled. -Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system. +Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or don't configure this setting, Per Process System DPI won't apply to any processes on the system. @@ -107,19 +107,19 @@ Enabling this setting lets you specify the system-wide default for desktop appli -Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. +Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. -When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. +When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to log out and back in to Windows. Be aware of the following: Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display. Some desktop applications can still be blurry on secondary displays that have different display scale factors. -Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. +Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. In some cases, you may see some odd behavior in some desktop applications. If that happens, Per Process System DPI should be disabled. -Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system. +Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or don't configure this setting, Per Process System DPI won't apply to any processes on the system. @@ -194,19 +194,19 @@ Enabling this setting lets you specify the system-wide default for desktop appli -Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. +Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows. -When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. +When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to log out and back in to Windows. Be aware of the following: Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display. Some desktop applications can still be blurry on secondary displays that have different display scale factors. -Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. +Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. In some cases, you may see some odd behavior in some desktop applications. If that happens, Per Process System DPI should be disabled. -Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system. +Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or don't configure this setting, Per Process System DPI won't apply to any processes on the system. @@ -260,13 +260,13 @@ Enabling this setting lets you specify the system-wide default for desktop appli -GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that aren't DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. -- If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +- If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they're enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -- If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. +- If you disable or don't configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. @@ -338,13 +338,13 @@ To validate on Desktop, do the following tasks: -GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that aren't DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. - If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list. -- If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +- If you disable or don't configure this policy setting, GDI DPI Scaling won't be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 6249356995..4d115aecee 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -37,7 +37,7 @@ ms.topic: reference -Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note this policy does not apply to 1394, PCMCIA or ExpressCard devices. +Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note this policy doesn't apply to 1394, PCMCIA or ExpressCard devices. diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md index 26b2475e63..2960a6ecc4 100644 --- a/windows/client-management/mdm/policy-csp-eap.md +++ b/windows/client-management/mdm/policy-csp-eap.md @@ -59,7 +59,7 @@ Added in Windows 10, version 21. H1. Allow or disallow use of TLS 1.3 during EAP | Value | Description | |:--|:--| -| 0 | Use of TLS version 1.3 is not allowed for authentication. | +| 0 | Use of TLS version 1.3 isn't allowed for authentication. | | 1 (Default) | Use of TLS version 1.3 is allowed for authentication. | diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 69c684f79b..e8c6feb635 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -38,7 +38,7 @@ ms.topic: reference This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. -- If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. +- If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. - If you enable or don't configure this policy setting, users will be able to access graphing functionality. @@ -144,7 +144,7 @@ The policy value is expected to be the name (network host name) of an installed This policy setting allows you to control whether EDU-specific theme packs are available in Settings > Personalization. -- If you disable or don't configure this policy setting, EDU-specific theme packs will not be included. +- If you disable or don't configure this policy setting, EDU-specific theme packs won't be included. - If you enable this policy setting, users will be able to personalize their devices with EDU-specific themes. @@ -248,11 +248,11 @@ Prevents users from using familiar methods to add local and network printers. - If this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Printer from the Printers folder in Control Panel. -Also, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action. +Also, users can't add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action. -However, this setting does not prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers. +However, this setting doesn't prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers. -This setting does not delete printers that users have already added. However, if users have not added a printer when this setting is applied, they cannot print. +This setting doesn't delete printers that users have already added. However, if users haven't added a printer when this setting is applied, they can't print. > [!NOTE] > You can use printer permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a printer, click Properties, and then click the Security tab. diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index d5e7653b5e..4de4b61de6 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -49,11 +49,11 @@ This policy setting determines the consent behavior of Windows Error Reporting f - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. -- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft. +- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically. -- If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. +- If you disable or don't configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. @@ -107,11 +107,11 @@ This policy setting determines the consent behavior of Windows Error Reporting f -This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. +This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. -- If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. +- If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel. -- If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. +- If you disable or don't configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. @@ -170,9 +170,9 @@ This policy setting controls whether users are shown an error dialog box that le - If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error. -- If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users. +- If you disable this policy setting, users aren't notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that don't have interactive users. -- If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server. +- If you don't configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server. See also the Configure Error Reporting policy setting. @@ -233,7 +233,7 @@ This policy setting controls whether additional data in support of error reports - If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. -- If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. +- If you disable or don't configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. @@ -290,7 +290,7 @@ This policy setting controls whether additional data in support of error reports This policy setting prevents the display of the user interface for critical errors. -- If you enable or do not configure this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors. +- If you enable or don't configure this policy setting, Windows Error Reporting doesn't display any GUI-based error messages or dialog boxes for critical errors. - If you disable this policy setting, Windows Error Reporting displays the GUI-based error messages or dialog boxes for critical errors. diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 8fa6c8fcc7..82a2f6c7de 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting controls Event Log behavior when the log file reaches its maximum size. -- If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. +- If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost. -- If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. +- If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. > [!NOTE] > Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -105,7 +105,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. - If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments. -- If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. +- If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. @@ -163,7 +163,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. - If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments. -- If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes. +- If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes. @@ -221,7 +221,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. - If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments. -- If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. +- If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 651623093f..f96eb7a075 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -42,7 +42,7 @@ ms.topic: reference This policy setting determines whether history of Clipboard contents can be stored in memory. - If you enable this policy setting, history of Clipboard contents are allowed to be stored. -- If you disable this policy setting, history of Clipboard contents are not allowed to be stored. +- If you disable this policy setting, history of Clipboard contents aren't allowed to be stored. Policy change takes effect immediately. @@ -233,7 +233,7 @@ When Cortana is off, users will still be able to use search to find things on th -Allows users to turn on/off device discovery UX. When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. Most restricted value is 0. +Allows users to turn on/off device discovery UX. When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys won't work on. Most restricted value is 0. @@ -286,7 +286,7 @@ This policy turns on Find My Device. When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. On devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. -When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. The user will also not be able to view the location of the last use of their active digitizer on their device. +When Find My Device is off, the device and its location aren't registered and the Find My Device feature won't work. The user will also not be able to view the location of the last use of their active digitizer on their device. @@ -603,7 +603,7 @@ Allow SIM error dialog prompts when no SIM is inserted. Specifies whether Spotlight collection is allowed as a Personalization->Background Setting. - If you enable this policy setting, Spotlight collection will show as an option in the user's Personalization Settings, and the user will be able to get daily images from Microsoft displayed on their desktop. -- If you disable this policy setting, Spotlight collection will not show as an option in Personalization Settings, and the user will not have the choice of getting Microsoft daily images shown on their desktop. +- If you disable this policy setting, Spotlight collection won't show as an option in Personalization Settings, and the user won't have the choice of getting Microsoft daily images shown on their desktop. @@ -684,7 +684,7 @@ Allows or disallows all Windows sync settings on the device. For information abo | Value | Description | |:--|:--| -| 0 | Sync settings are not allowed. | +| 0 | Sync settings aren't allowed. | | 1 (Default) | Sync settings allowed. | @@ -713,11 +713,11 @@ Allows or disallows all Windows sync settings on the device. For information abo This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. -- If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. -- If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. Diagnostic data can include browser, app and feature usage, depending on the Diagnostic and usage data setting value. +- If you enable this policy setting, Windows won't use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. +- If you disable or don't configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. Diagnostic data can include browser, app and feature usage, depending on the Diagnostic and usage data setting value. > [!NOTE] -> This setting does not control Cortana cutomized experiences because there are separate policies to configure it. Most restricted value is 0. +> This setting doesn't control Cortana cutomized experiences because there are separate policies to configure it. Most restricted value is 0. @@ -1016,7 +1016,7 @@ Prior to Windows 10, version 1803, this policy had User scope. This policy allow Specifies whether to turn off all Windows spotlight features at once. - If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. -- If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. Most restricted value is 0. +- If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. Most restricted value is 0. @@ -1082,7 +1082,7 @@ Specifies whether to turn off all Windows spotlight features at once. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. - If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. -- If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. Most restricted value is 0. +- If you disable or don't configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. Most restricted value is 0. @@ -1212,7 +1212,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. - If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. -- If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. Most restricted value is 0. +- If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. Most restricted value is 0. @@ -1349,9 +1349,9 @@ This policy setting allows you to configure the Chat icon on the taskbar. - If you enable this policy setting and set it to Hide, the Chat icon will be hidden by default. Users can show or hide it in Settings. -- If you enable this policy setting and set it to Disabled, the Chat icon will not be displayed, and users cannot show or hide it in Settings. +- If you enable this policy setting and set it to Disabled, the Chat icon won't be displayed, and users can't show or hide it in Settings. -- If you disable or do not configure this policy setting, the Chat icon will be configured according to the defaults for your Windows edition. +- If you disable or don't configure this policy setting, the Chat icon will be configured according to the defaults for your Windows edition. @@ -1420,13 +1420,13 @@ This policy setting allows you to configure the Chat icon on the taskbar. This policy setting lets you configure Windows spotlight on the lock screen. -- If you enable this policy setting, "Windows spotlight" will be set as the lock screen provider and users will not be able to modify their lock screen. "Windows spotlight" will display daily images from Microsoft on the lock screen. +- If you enable this policy setting, "Windows spotlight" will be set as the lock screen provider and users won't be able to modify their lock screen. "Windows spotlight" will display daily images from Microsoft on the lock screen. -Additionally, if you check the "Include content from Enterprise spotlight" checkbox and your organization has setup an Enterprise spotlight content service in Azure, the lock screen will display internal messages and communications configured in that service, when available. If your organization does not have an Enterprise spotlight content service, the checkbox will have no effect. +Additionally, if you check the "Include content from Enterprise spotlight" checkbox and your organization has setup an Enterprise spotlight content service in Azure, the lock screen will display internal messages and communications configured in that service, when available. If your organization doesn't have an Enterprise spotlight content service, the checkbox will have no effect. - If you disable this policy setting, Windows spotlight will be turned off and users will no longer be able to select it as their lock screen. Users will see the default lock screen image and will be able to select another image, unless you have enabled the "Prevent changing lock screen image" policy. -- If you do not configure this policy, Windows spotlight will be available on the lock screen and will be selected by default, unless you have configured another default lock screen image using the "Force a specific default lock screen and logon image" policy. +- If you don't configure this policy, Windows spotlight will be available on the lock screen and will be selected by default, unless you have configured another default lock screen image using the "Force a specific default lock screen and logon image" policy. > [!NOTE] > This policy is only available for Enterprise SKUs. @@ -1454,8 +1454,8 @@ Additionally, if you check the "Include content from Enterprise spotlight" check |:--|:--| | 0 | Windows spotlight disabled. | | 1 (Default) | Windows spotlight enabled. | -| 2 | Windows spotlight is always enabled, the user cannot disable it. | -| 3 | Windows spotlight is always enabled, the user cannot disable it. For special configurations only. | +| 2 | Windows spotlight is always enabled, the user can't disable it. | +| 3 | Windows spotlight is always enabled, the user can't disable it. For special configurations only. | @@ -1499,7 +1499,7 @@ This policy setting lets you turn off cloud optimized content in all Windows exp - If you enable this policy, Windows experiences that use the cloud optimized content client component, will instead present the default fallback content. -- If you disable or do not configure this policy, Windows experiences will be able to use cloud optimized content. +- If you disable or don't configure this policy, Windows experiences will be able to use cloud optimized content. @@ -1566,7 +1566,7 @@ This policy setting lets you turn off cloud consumer account state content in al - If you enable this policy, Windows experiences that use the cloud consumer account state content client component, will instead present the default fallback content. -- If you disable or do not configure this policy, Windows experiences will be able to use cloud consumer account state content. +- If you disable or don't configure this policy, Windows experiences will be able to use cloud consumer account state content. @@ -1682,10 +1682,10 @@ This policy setting allows an organization to prevent its devices from showing f - If you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app. -- If you disable or do not configure this policy setting, users may see notifications through the Windows Feedback app asking users for feedback. +- If you disable or don't configure this policy setting, users may see notifications through the Windows Feedback app asking users for feedback. > [!NOTE] -> If you disable or do not configure this policy setting, users can control how often they receive feedback questions. +> If you disable or don't configure this policy setting, users can control how often they receive feedback questions. @@ -1707,7 +1707,7 @@ This policy setting allows an organization to prevent its devices from showing f | Value | Description | |:--|:--| -| 0 (Default) | Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. | +| 0 (Default) | Feedback notifications aren't disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. | | 1 | Feedback notifications are disabled. | @@ -1750,11 +1750,11 @@ This policy setting allows an organization to prevent its devices from showing f Prevent the "browser" group from syncing to and from this PC. This turns off and disables the "browser" group on the "sync your settings" page in PC settings. The "browser" group contains settings and info like history and favorites. -If you enable this policy setting, the "browser" group, including info like history and favorites, will not be synced. +If you enable this policy setting, the "browser" group, including info like history and favorites, won't be synced. Use the option "Allow users to turn browser syncing on" so that syncing is turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "browser" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "browser" group is on by default and configurable by the user. @@ -1973,7 +1973,7 @@ Shows or hides lock from the user tile menu. - If you disable this policy setting, the lock option will never be shown in the User Tile menu. -- If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel. +- If you don't configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel. @@ -1995,7 +1995,7 @@ Shows or hides lock from the user tile menu. | Value | Description | |:--|:--| -| 0 | The lock option is not displayed in the User Tile menu. | +| 0 | The lock option isn't displayed in the User Tile menu. | | 1 (Default) | The lock option is displayed in the User Tile menu. | diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 9ad5c28623..946ae4afdc 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -37,7 +37,7 @@ ms.topic: reference -Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Enable Exploit Protection on Devices](/microsoft-365/security/defender-endpoint/enable-exploit-protection) and [Import, export, and deploy Exploit Protection configurations](/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). The system settings require a reboot; the application settings do not require a reboot. +Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Enable Exploit Protection on Devices](/microsoft-365/security/defender-endpoint/enable-exploit-protection) and [Import, export, and deploy Exploit Protection configurations](/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). The system settings require a reboot; the application settings don't require a reboot. diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index eaae8b1034..2473c7db0c 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -168,7 +168,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec | Value | Description | |:--|:--| | 0 (Default) | File Explorer will request cloud file metadata and display it in the Quick access view. | -| 1 | File Explorer will not request cloud file metadata or display it in the Quick access view. | +| 1 | File Explorer won't request cloud file metadata or display it in the Quick access view. | diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index 8dd592ade3..4129760b55 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -39,7 +39,7 @@ ms.topic: reference -Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out. +Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -98,7 +98,7 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb -Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out. +Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -157,7 +157,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox -Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out. +Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -216,7 +216,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb -Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out. +Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -275,7 +275,7 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo -Determines whether Attention Based Display Dimming is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out. +Determines whether Attention Based Display Dimming is forced on/off by the MDM policy. The user won't be able to change this setting and the toggle in the UI will be greyed out. @@ -339,7 +339,7 @@ This is a power saving feature that prolongs battery charge. -Determines whether Lock on Leave is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out. +Determines whether Lock on Leave is forced on/off by the MDM policy. The user won't be able to change this setting and the toggle in the UI will be greyed out. @@ -403,7 +403,7 @@ Determines whether Lock on Leave is forced on/off by the MDM policy. The user wi -Determines whether Wake On Arrival is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out. +Determines whether Wake On Arrival is forced on/off by the MDM policy. The user won't be able to change this setting and the toggle in the UI will be greyed out. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 5d865bac55..34a00c32b7 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -50,7 +50,7 @@ This policy setting allows you to add a specific list of search providers to the > [!NOTE] > This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. -- If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. +- If you disable or don't configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. @@ -111,9 +111,9 @@ This policy setting allows you to add a specific list of search providers to the This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly. -- If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions. +- If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user can't turn off ActiveX Filtering, although they may add per-site exceptions. -- If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. +- If you disable or don't configure this policy setting, ActiveX Filtering isn't enabled by default for the user. The user can turn ActiveX Filtering on or off. @@ -239,11 +239,11 @@ Value - A number indicating whether Internet Explorer should deny or allow the a This AutoComplete feature can remember and suggest User names and passwords on Forms. -- If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". +- If you enable this setting, the user can't change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". -- If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. +- If you disable this setting the user can't change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also can't opt to be prompted to save passwords. -- If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. +- If you don't configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. @@ -306,7 +306,7 @@ This policy setting allows you to turn on the certificate address mismatch secur - If you enable this policy setting, the certificate address mismatch warning always appears. -- If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel). +- If you disable or don't configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel). @@ -367,11 +367,11 @@ This policy setting allows you to turn on the certificate address mismatch secur This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files, cookies, history, form data, and passwords) are applied, and those items are deleted. -- If you enable this policy setting, deleting browsing history on exit is turned on. +- If you enable this policy setting, deleting browsing history on exit's turned on. -- If you disable this policy setting, deleting browsing history on exit is turned off. +- If you disable this policy setting, deleting browsing history on exit's turned off. -- If you do not configure this policy setting, it can be configured on the General tab in Internet Options. +- If you don't configure this policy setting, it can be configured on the General tab in Internet Options. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect. @@ -434,11 +434,11 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. -- If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. +- If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users won't be able to disable Enhanced Protected Mode. - If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. -- If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. +- If you don't configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. @@ -684,9 +684,9 @@ This policy setting lets you specify where to find the list of websites you want This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. -We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack. +We recommend that you don't allow insecure fallback in order to prevent a man-in-the-middle attack. -This policy does not affect which security protocols are enabled. +This policy doesn't affect which security protocols are enabled. If you disable this policy, system defaults will be used. @@ -748,9 +748,9 @@ If you disable this policy, system defaults will be used. This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. -- If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify. +- If you enable this policy setting, the user can add and remove sites from the list, but the user can't remove the entries that you specify. -- If you disable or do not configure this policy setting, the user can add and remove sites from the list. +- If you disable or don't configure this policy setting, the user can add and remove sites from the list. @@ -810,11 +810,11 @@ This policy setting allows you to add specific sites that must be viewed in Inte This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone. -- If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. +- If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user can't change this behavior through the Compatibility View Settings dialog box. -- If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box. +- If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user can't change this behavior through the Compatibility View Settings dialog box. -- If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. +- If you don't configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. @@ -879,11 +879,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -948,11 +948,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1017,11 +1017,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1086,11 +1086,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1155,11 +1155,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1224,11 +1224,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1293,11 +1293,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1358,9 +1358,9 @@ Note. It is recommended to configure template policy settings in one Group Polic This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. -- If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available. +- If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it's available. -- If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. +- If you disable or don't configure this policy setting, Internet Explorer doesn't go directly to an intranet site for a one-word entry in the Address bar. @@ -1423,7 +1423,7 @@ This policy setting allows admins to enable "Save Target As" context menu in Int - If you enable this policy, "Save Target As" will show up in the Internet Explorer mode context menu and work the same as Internet Explorer. -- If you disable or do not configure this policy setting, "Save Target As" will not show up in the Internet Explorer mode context menu. +- If you disable or don't configure this policy setting, "Save Target As" won't show up in the Internet Explorer mode context menu. For more information, see @@ -1504,11 +1504,11 @@ Internet Explorer has 4 security zones, numbered 1-4, and these are used by this - If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information: -Valuename - A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. +Valuename - A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter as the valuename, other protocols aren't affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, don't include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. -- If you disable or do not configure this policy, users may choose their own site-to-zone assignments. +- If you disable or don't configure this policy, users may choose their own site-to-zone assignments. @@ -1601,11 +1601,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1668,9 +1668,9 @@ This policy setting allows you to manage whether software, such as ActiveX contr - If you enable this policy setting, users will be prompted to install or run files with an invalid signature. -- If you disable this policy setting, users cannot run or install files with an invalid signature. +- If you disable this policy setting, users can't run or install files with an invalid signature. -- If you do not configure this policy, users can choose to run or install files with an invalid signature. +- If you don't configure this policy, users can choose to run or install files with an invalid signature. @@ -1735,11 +1735,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1800,11 +1800,11 @@ Note. It is recommended to configure template policy settings in one Group Polic This policy setting controls the Suggested Sites feature, which recommends websites based on the user's browsing activity. Suggested Sites reports a user's browsing history to Microsoft to suggest sites that the user might want to visit. -- If you enable this policy setting, the user is not prompted to enable Suggested Sites. The user's browsing history is sent to Microsoft to produce suggestions. +- If you enable this policy setting, the user isn't prompted to enable Suggested Sites. The user's browsing history is sent to Microsoft to produce suggestions. - If you disable this policy setting, the entry points and functionality associated with this feature are turned off. -- If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. +- If you don't configure this policy setting, the user can turn on and turn off the Suggested Sites feature. @@ -1869,11 +1869,11 @@ This template policy setting allows you to configure policy settings in this zon - If you disable this template policy setting, no security level is configured. -- If you do not configure this template policy setting, no security level is configured. +- If you don't configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +Note. It's recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1932,13 +1932,13 @@ Note. It is recommended to configure template policy settings in one Group Polic -This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure. +This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they've been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure. - If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. -- If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. +- If you disable this policy setting, Internet Explorer won't check server certificates to see if they've been revoked. -- If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. +- If you don't configure this policy setting, Internet Explorer won't check server certificates to see if they've been revoked. @@ -2001,9 +2001,9 @@ This policy setting allows you to manage whether Internet Explorer checks for di - If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers. -- If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers. +- If you disable this policy setting, Internet Explorer won't check the digital signatures of executable programs or display their identities before downloading them to user computers. -- If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers. +- If you don't configure this policy, Internet Explorer won't check the digital signatures of executable programs or display their identities before downloading them to user computers. @@ -2062,7 +2062,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di -Enables you to configure up to three versions of Microsoft Edge to open a redirected site (in order of preference). Use this policy if your environment is configured to redirect sites from Internet Explorer 11 to Microsoft Edge. If any of the chosen versions are not installed on the device, that preference will be bypassed. +Enables you to configure up to three versions of Microsoft Edge to open a redirected site (in order of preference). Use this policy if your environment is configured to redirect sites from Internet Explorer 11 to Microsoft Edge. If any of the chosen versions aren't installed on the device, that preference will be bypassed. If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur: @@ -2073,7 +2073,7 @@ If both the Windows Update for the next version of Microsoft Edge* and Microsoft 3 = Microsoft Edge Dev version 77 or later 4 = Microsoft Edge Canary version 77 or later -If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur: +If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel aren't installed, the following behaviors occur: - If you disable or don't configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior. - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: @@ -2354,9 +2354,9 @@ This policy setting determines whether Internet Explorer requires that all file- - If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files. -- If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files. +- If you disable this policy setting, Internet Explorer won't require consistent MIME data for all received files. -- If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files. +- If you don't configure this policy setting, Internet Explorer requires consistent MIME data for all received files. @@ -2479,7 +2479,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc - If you enable this policy setting, SmartScreen Filter warnings block the user. -- If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +- If you disable or don't configure this policy setting, the user can bypass SmartScreen Filter warnings. @@ -2538,11 +2538,11 @@ This policy setting determines whether the user can bypass warnings from SmartSc -This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. +This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users don't commonly download from the Internet. - If you enable this policy setting, SmartScreen Filter warnings block the user. -- If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +- If you disable or don't configure this policy setting, the user can bypass SmartScreen Filter warnings. @@ -2603,9 +2603,9 @@ This policy setting determines whether the user can bypass warnings from SmartSc This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she may encounter while browsing. -- If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list. +- If you enable this policy setting, the user can't use the Compatibility View button or manage the Compatibility View sites list. -- If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list. +- If you disable or don't configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list. @@ -2666,9 +2666,9 @@ This policy setting controls the Compatibility View feature, which allows the us This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history. -- If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history. +- If you enable this policy setting, a user can't set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can't delete browsing history. -- If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history. +- If you disable or don't configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history. @@ -2731,7 +2731,7 @@ This policy setting allows you to manage the crash detection feature of add-on M - If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. -- If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional. +- If you disable or don't configure this policy setting, the crash detection feature for add-on management will be functional. @@ -2792,11 +2792,11 @@ This policy setting allows you to manage the crash detection feature of add-on M This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). -- If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. +- If you enable this policy setting, the user can't participate in the CEIP, and the Customer Feedback Options command doesn't appear on the Help menu. -- If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. +- If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command doesn't appear on the Help menu. -- If you do not configure this policy setting, the user can choose to participate in the CEIP. +- If you don't configure this policy setting, the user can choose to participate in the CEIP. @@ -2861,7 +2861,7 @@ This policy setting prevents the user from deleting the history of websites that - If you disable this policy setting, websites that the user has visited are deleted when he or she clicks Delete. -- If you do not configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. +- If you don't configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default. @@ -2924,9 +2924,9 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. -- If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs. +- If you enable this policy setting, the user can't set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can't change the download setting through the Feed APIs. -- If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. +- If you disable or don't configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. @@ -2987,9 +2987,9 @@ This policy setting prevents the user from having enclosures (file attachments) This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions, and they select the most preferred match. -- If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. +- If you enable this policy setting, the browser negotiates or doesn't negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. -- If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. +- If you disable or don't configure this policy setting, the user can select which encryption method the browser supports. > [!NOTE] > SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. @@ -3054,7 +3054,7 @@ This policy setting controls whether to have background synchronization for feed - If you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off. -- If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background. +- If you disable or don't configure this policy setting, the user can synchronize feeds and Web Slices in the background. @@ -3120,9 +3120,9 @@ This policy setting prevents Internet Explorer from running the First Run wizard - Skip the First Run wizard, and go directly to the user's home page. - Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. -Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen. +Starting with Windows 8, the "Welcome to Internet Explorer" webpage isn't available. The user's home page will display regardless of which option is chosen. -- If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. +- If you disable or don't configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. @@ -3253,7 +3253,7 @@ This policy setting allows you to disable browser geolocation support. This will - If you disable this policy setting, browser geolocation support is turned on. -- If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab. +- If you don't configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab. @@ -3308,11 +3308,11 @@ This policy setting allows you to disable browser geolocation support. This will -The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run. +The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it's run. -- If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. +- If you enable this policy setting, a user can't set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. -- If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. +- If you disable or don't configure this policy setting, the Home page box is enabled and users can choose their own home page. @@ -3375,7 +3375,7 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc - If you enable this policy setting, running the HTML Application (HTA file) will be blocked. -- If you disable or do not configure this policy setting, running the HTML Application (HTA file) is allowed. +- If you disable or don't configure this policy setting, running the HTML Application (HTA file) is allowed. @@ -3436,9 +3436,9 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer. -- If you enable this policy setting, the user cannot continue browsing. +- If you enable this policy setting, the user can't continue browsing. -- If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing. +- If you disable or don't configure this policy setting, the user can choose to ignore certificate errors and continue browsing. @@ -3505,7 +3505,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b - If you disable this policy setting, InPrivate Browsing is available for use. -- If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry. +- If you don't configure this policy setting, InPrivate Browsing can be turned on or off through the registry. @@ -3727,9 +3727,9 @@ This policy setting determines whether Internet Explorer 11 uses 64-bit processe This policy setting specifies if a user can change proxy settings. -- If you enable this policy setting, the user will not be able to configure proxy settings. +- If you enable this policy setting, the user won't be able to configure proxy settings. -- If you disable or do not configure this policy setting, the user can configure proxy settings. +- If you disable or don't configure this policy setting, the user can configure proxy settings. @@ -3790,9 +3790,9 @@ This policy setting specifies if a user can change proxy settings. This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box. -- If you enable this policy setting, the user cannot change the default search provider. +- If you enable this policy setting, the user can't change the default search provider. -- If you disable or do not configure this policy setting, the user can change the default search provider. +- If you disable or don't configure this policy setting, the user can change the default search provider. @@ -3853,12 +3853,12 @@ This policy setting prevents the user from changing the default search provider Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages. -- If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages. +- If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user can't set custom default secondary home pages. -- If you disable or do not configure this policy setting, the user can add secondary home pages. +- If you disable or don't configure this policy setting, the user can add secondary home pages. > [!NOTE] -> If the "Disable Changing Home Page Settings" policy is enabled, the user cannot add secondary home pages. +> If the "Disable Changing Home Page Settings" policy is enabled, the user can't add secondary home pages. @@ -3920,7 +3920,7 @@ This policy setting turns off the Security Settings Check feature, which checks - If you enable this policy setting, the feature is turned off. -- If you disable or do not configure this policy setting, the feature is turned on. +- If you disable or don't configure this policy setting, the feature is turned on. @@ -3977,9 +3977,9 @@ This policy setting turns off the Security Settings Check feature, which checks Prevents Internet Explorer from checking whether a new version of the browser is available. -- If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available. +- If you enable this policy, it prevents Internet Explorer from checking to see whether it's the latest available browser version and notifying users if a new version is available. -- If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available. +- If you disable this policy or don't configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available. This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. @@ -4042,11 +4042,11 @@ This policy is intended to help the administrator maintain version control for I This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. -- If you enable this policy setting, user will not be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting. +- If you enable this policy setting, user won't be suggested matches when entering Web addresses. The user can't change the auto-complete for web-address setting. -- If you disable this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting. +- If you disable this policy setting, user will be suggested matches when entering Web addresses. The user can't change the auto-complete for web-address setting. -- If you do not configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off. +- If you don't configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off. @@ -4105,15 +4105,15 @@ This AutoComplete feature suggests possible matches when users are entering Web -This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode. +This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that isn't compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. -When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. +When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that isn't compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. -- If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. +- If you enable this policy setting, Internet Explorer won't give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. -- If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior. +- If you disable or don't configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior. @@ -4172,12 +4172,12 @@ Prevents users from adding or removing sites from security zones. A security zon - If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.) -- If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone. +- If you disable this policy or don't configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone. This policy prevents users from changing site management settings for security zones established by the administrator. > [!NOTE] -> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. +> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it's enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy. @@ -4238,12 +4238,12 @@ Prevents users from changing security zone settings. A security zone is a group - If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. -- If you disable this policy or do not configure it, users can change the settings for security zones. +- If you disable this policy or don't configure it, users can change the settings for security zones. This policy prevents users from changing security zone settings established by the administrator. > [!NOTE] -> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. +> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it's enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy. @@ -4443,7 +4443,7 @@ This policy setting lets admins enable extended Microsoft Edge Internet Explorer If you enable this policy, extended hotkey functionality is enabled in Internet Explorer mode and work the same as Internet Explorer. -If you disable, or don't configure this policy, extended hotkeys will not work in Internet Explorer mode. +If you disable, or don't configure this policy, extended hotkeys won't work in Internet Explorer mode. For more information, see @@ -4571,13 +4571,13 @@ To learn more about disabling Internet Explorer 11 as a standalone browser, see -This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. +This policy setting controls whether local sites which aren't explicitly mapped into any Security Zone are forced into the local Intranet security zone. -- If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. +- If you enable this policy setting, local sites which aren't explicitly mapped into a zone are considered to be in the Intranet Zone. -- If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone). +- If you disable this policy setting, local sites which aren't explicitly mapped into a zone won't be considered to be in the Intranet Zone (so would typically be in the Internet Zone). -- If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. +- If you don't configure this policy setting, users choose whether to force local sites into the Intranet Zone. @@ -4640,9 +4640,9 @@ This policy setting controls whether URLs representing UNCs are mapped into the - If you enable this policy setting, all network paths are mapped into the Intranet Zone. -- If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there). +- If you disable this policy setting, network paths aren't necessarily mapped into the Intranet Zone (other rules might map one there). -- If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. +- If you don't configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. @@ -4705,9 +4705,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -4767,11 +4767,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -4833,7 +4833,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -4897,9 +4897,9 @@ This policy setting allows you to manage whether scripts can perform a clipboard If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations. -- If you disable this policy setting, a script cannot perform a clipboard operation. +- If you disable this policy setting, a script can't perform a clipboard operation. -- If you do not configure this policy setting, a script can perform a clipboard operation. +- If you don't configure this policy setting, a script can perform a clipboard operation. @@ -4963,7 +4963,7 @@ This policy setting allows you to manage whether users can drag files or copy an - If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. -- If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. +- If you don't configure this policy setting, users can drag files or copy and paste files from this zone automatically. @@ -5029,7 +5029,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -5089,11 +5089,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +- If you don't configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. @@ -5153,11 +5153,11 @@ This policy setting allows you to manage whether Web sites from less privileged This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation. -- If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. +- If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user can't change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. -- If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior. +- If you disable this policy setting, XAML files aren't loaded inside Internet Explorer. The user can't change this behavior. -- If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer. +- If you don't configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer. @@ -5215,13 +5215,13 @@ This policy setting allows you to manage the loading of Extensible Application M -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer will execute unsigned managed components. @@ -5283,7 +5283,7 @@ This policy setting controls whether or not the user is prompted to allow Active - If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites. -- If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone. +- If you disable this policy setting, the user doesn't see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone. @@ -5343,7 +5343,7 @@ This policy setting controls whether or not the user is prompted to allow Active This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. -- If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone. +- If you enable this policy setting, the TDC ActiveX control won't run from websites in this zone. - If you disable this policy setting, the TDC Active X control will run from all sites in this zone. @@ -5407,9 +5407,9 @@ This policy setting determines whether a page can control embedded WebBrowser co - If you enable this policy setting, script access to the WebBrowser control is allowed. -- If you disable this policy setting, script access to the WebBrowser control is not allowed. +- If you disable this policy setting, script access to the WebBrowser control isn't allowed. -- If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones. +- If you don't configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones. @@ -5469,11 +5469,11 @@ This policy setting determines whether a page can control embedded WebBrowser co This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. -- If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. +- If you enable this policy setting, Windows Restrictions security won't apply in this zone. The security zone runs without the added layer of security provided by this feature. -- If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +- If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars can't be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. -- If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +- If you don't configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars can't be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. @@ -5535,9 +5535,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -5599,9 +5599,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -5666,7 +5666,7 @@ This policy setting allows you to manage whether script is allowed to update the - If you enable this policy setting, script is allowed to update the status bar. -- If you disable or do not configure this policy setting, script is not allowed to update the status bar. +- If you disable or don't configure this policy setting, script isn't allowed to update the status bar. @@ -5728,9 +5728,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -5796,7 +5796,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t If you selected Disable in the drop-down box, VBScript is prevented from running. -If you do not configure or disable this policy setting, VBScript is prevented from running. +If you don't configure or disable this policy setting, VBScript is prevented from running. @@ -5922,9 +5922,9 @@ This policy setting allows you to manage whether users may download signed Activ - If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. -- If you disable the policy setting, signed controls cannot be downloaded. +- If you disable the policy setting, signed controls can't be downloaded. -- If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. +- If you don't configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. @@ -5986,9 +5986,9 @@ This policy setting allows you to manage whether users may download unsigned Act - If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. -- If you disable this policy setting, users cannot run unsigned controls. +- If you disable this policy setting, users can't run unsigned controls. -- If you do not configure this policy setting, users cannot run unsigned controls. +- If you don't configure this policy setting, users can't run unsigned controls. @@ -6110,13 +6110,13 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users can't change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users can't drag content from one domain to a different domain when both the source and destination are in different windows. Users can't change this setting. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or don't configure it, users can't drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +In Internet Explorer 9 and earlier versions, if you disable this policy or don't configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users can't change this setting. @@ -6176,13 +6176,13 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users can't drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting in the Internet Options dialog. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or don't configure it, users can't drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +In Internet Explorer 9 and earlier versions, if you disable this policy setting or don't configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting in the Internet Options dialog. @@ -6242,11 +6242,11 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. -- If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. +- If you enable this policy setting, the MIME Sniffing Safety Feature won't apply in this zone. The security zone will run without the added layer of security provided by this feature. -- If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. +- If you disable this policy setting, the actions that may be harmful can't run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. -- If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. +- If you don't configure this policy setting, the MIME Sniffing Safety Feature won't apply in this zone. @@ -6306,11 +6306,11 @@ This policy setting allows you to manage MIME sniffing for file promotion from o This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. -- If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode. +- If you enable this policy setting, Protected Mode is turned on. The user can't turn off Protected Mode. -- If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. +- If you disable this policy setting, Protected Mode is turned off. The user can't turn on Protected Mode. -- If you do not configure this policy setting, the user can turn on or turn off Protected Mode. +- If you don't configure this policy setting, the user can turn on or turn off Protected Mode. @@ -6374,7 +6374,7 @@ This policy setting controls whether or not local path information is sent when - If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. -- If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent. +- If you don't configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent. @@ -6434,13 +6434,13 @@ This policy setting controls whether or not local path information is sent when This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -6504,13 +6504,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, the permission is set to High Safety. +- If you don't configure this policy setting, the permission is set to High Safety. @@ -6574,7 +6574,7 @@ This policy setting allows you to manage whether applications may be run and fil - If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. -- If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. +- If you don't configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. @@ -6642,11 +6642,11 @@ Prompt for user name and password to query users for user IDs and passwords. Aft Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. -Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. +Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response isn't supported by the server, the user is queried to provide the user name and password. - If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. -- If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. +- If you don't configure this policy setting, logon is set to Automatic logon only in Intranet zone. @@ -6708,9 +6708,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -6772,9 +6772,9 @@ This policy setting allows you to manage whether . NET Framework components that - If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. -- If you disable this policy setting, Internet Explorer will not execute signed managed components. +- If you disable this policy setting, Internet Explorer won't execute signed managed components. -- If you do not configure this policy setting, Internet Explorer will execute signed managed components. +- If you don't configure this policy setting, Internet Explorer will execute signed managed components. @@ -6836,9 +6836,9 @@ This policy setting controls whether or not the "Open File - Security Warning" m - If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. -- If you disable this policy setting, these files do not open. +- If you disable this policy setting, these files don't open. -- If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones. +- If you don't configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones. @@ -6896,13 +6896,13 @@ This policy setting controls whether or not the "Open File - Security Warning" m -This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. +This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link aren't blocked. - If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. -- If you disable this policy setting, pop-up windows are not prevented from appearing. +- If you disable this policy setting, pop-up windows aren't prevented from appearing. -- If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. +- If you don't configure this policy setting, most unwanted pop-up windows are prevented from appearing. @@ -6964,9 +6964,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -7026,11 +7026,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you don't configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. @@ -7092,7 +7092,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +- If you disable or don't configure this setting, users will receive a file download dialog for automatic download attempts. @@ -7158,7 +7158,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -7218,11 +7218,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +- If you don't configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. @@ -7280,13 +7280,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer will execute unsigned managed components. @@ -7348,9 +7348,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -7412,9 +7412,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -7479,9 +7479,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -7605,13 +7605,13 @@ This policy setting determines whether Internet Explorer runs antimalware progra This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -7675,13 +7675,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, the permission is set to Medium Safety. +- If you don't configure this policy setting, the permission is set to Medium Safety. @@ -7743,9 +7743,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -7967,9 +7967,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8029,11 +8029,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you don't configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. @@ -8095,7 +8095,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +- If you disable or don't configure this setting, users will receive a file download dialog for automatic download attempts. @@ -8161,7 +8161,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -8221,11 +8221,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -8283,13 +8283,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -8351,9 +8351,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -8415,9 +8415,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -8482,9 +8482,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -8608,13 +8608,13 @@ This policy setting determines whether Internet Explorer runs antimalware progra This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +- If you don't configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. @@ -8678,13 +8678,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, the permission is set to Medium Safety. +- If you don't configure this policy setting, the permission is set to Medium Safety. @@ -8746,9 +8746,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -8810,9 +8810,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8872,11 +8872,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -8938,7 +8938,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -9004,7 +9004,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -9064,11 +9064,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -9126,13 +9126,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -9194,9 +9194,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -9258,9 +9258,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -9325,9 +9325,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -9387,13 +9387,13 @@ This policy setting allows you to manage the preservation of information in the This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -9457,13 +9457,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -9525,9 +9525,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -9591,13 +9591,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -9659,9 +9659,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -9721,11 +9721,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -9787,7 +9787,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -9853,7 +9853,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -9913,11 +9913,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -9975,13 +9975,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -10043,9 +10043,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -10107,9 +10107,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -10174,9 +10174,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10236,13 +10236,13 @@ This policy setting allows you to manage the preservation of information in the This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -10304,9 +10304,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -10368,9 +10368,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -10430,11 +10430,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -10496,7 +10496,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -10562,7 +10562,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -10622,11 +10622,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -10684,13 +10684,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -10752,9 +10752,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -10816,9 +10816,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -10883,9 +10883,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10945,13 +10945,13 @@ This policy setting allows you to manage the preservation of information in the This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -11015,13 +11015,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -11083,9 +11083,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -11147,9 +11147,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -11209,11 +11209,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -11275,7 +11275,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -11341,7 +11341,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. +- If you don't configure this policy setting, users are queried whether to allow HTML fonts to download. @@ -11401,11 +11401,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -11463,13 +11463,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -11531,9 +11531,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -11595,9 +11595,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -11662,9 +11662,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -11724,13 +11724,13 @@ This policy setting allows you to manage the preservation of information in the This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -11794,13 +11794,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -11862,9 +11862,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains. +- If you disable this policy setting, users can't open other windows and frames from other domains or access applications from different domains. -- If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +- If you don't configure this policy setting, users can't open other windows and frames from different domains or access applications from different domains. @@ -11926,9 +11926,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -11988,11 +11988,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -12054,7 +12054,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -12120,7 +12120,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -12180,11 +12180,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -12242,13 +12242,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -12310,9 +12310,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -12374,9 +12374,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -12441,9 +12441,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -12503,13 +12503,13 @@ This policy setting allows you to manage the preservation of information in the This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -12573,13 +12573,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -12641,9 +12641,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. @@ -12707,7 +12707,7 @@ This policy setting determines whether Internet Explorer MIME sniffing will prev - If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. -- If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. +- If you don't configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. @@ -12771,7 +12771,7 @@ The MK Protocol Security Restriction policy setting reduces attack surface area - If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes. -- If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. +- If you don't configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. @@ -12829,11 +12829,11 @@ The MK Protocol Security Restriction policy setting reduces attack surface area -This policy setting allows you to specify what is displayed when the user opens a new tab. +This policy setting allows you to specify what's displayed when the user opens a new tab. - If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed. -- If you disable or do not configure this policy setting, the user can select his or her preference for this behavior. +- If you disable or don't configure this policy setting, the user can select his or her preference for this behavior. @@ -12895,9 +12895,9 @@ This policy setting allows you to manage whether the Notification bar is display - If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes. -- If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes. +- If you disable this policy setting, the Notification bar won't be displayed for Internet Explorer processes. -- If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes. +- If you don't configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes. @@ -12957,9 +12957,9 @@ This policy setting allows you to manage whether the Notification bar is display This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. -- If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user. +- If you enable this policy setting, the user isn't prompted to turn on SmartScreen Filter. All website addresses that aren't on the filter's allow list are sent automatically to Microsoft without prompting the user. -- If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience. +- If you disable or don't configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience. @@ -13019,9 +13019,9 @@ This policy setting prevents the user from managing SmartScreen Filter, which wa This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. -- If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. +- If you enable this policy setting, ActiveX controls can't be installed on a per-user basis. -- If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis. +- If you disable or don't configure this policy setting, ActiveX controls can be installed on a per-user basis. @@ -13086,7 +13086,7 @@ Internet Explorer places restrictions on each Web page it opens. The restriction - If you disable this policy setting, no zone receives such protection for Internet Explorer processes. -- If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. +- If you don't configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. @@ -13211,7 +13211,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T This policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode. -If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode will not get propagated from its parent page. +If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode won't get propagated from its parent page. If you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page. @@ -13278,9 +13278,9 @@ This policy setting enables blocking of ActiveX control installation prompts for - If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes. -- If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes. +- If you disable this policy setting, prompting for ActiveX control installations won't be blocked for Internet Explorer processes. -- If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes. +- If you don't configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes. @@ -13342,9 +13342,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -13408,7 +13408,7 @@ This policy setting allows you to manage whether script code on pages in the zon - If you disable this policy setting, script code on pages in the zone is prevented from running. -- If you do not configure this policy setting, script code on pages in the zone is prevented from running. +- If you don't configure this policy setting, script code on pages in the zone is prevented from running. @@ -13468,11 +13468,11 @@ This policy setting allows you to manage whether script code on pages in the zon This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +- If you don't configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. @@ -13534,7 +13534,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +- If you disable or don't configure this setting, file downloads that aren't user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. @@ -13596,9 +13596,9 @@ This policy setting allows you to manage dynamic binary and script behaviors: co - If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. -- If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. +- If you disable this policy setting, binary and script behaviors aren't available unless applications have implemented a custom security manager. -- If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. +- If you don't configure this policy setting, binary and script behaviors aren't available unless applications have implemented a custom security manager. @@ -13662,9 +13662,9 @@ This policy setting allows you to manage whether scripts can perform a clipboard If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations. -- If you disable this policy setting, a script cannot perform a clipboard operation. +- If you disable this policy setting, a script can't perform a clipboard operation. -- If you do not configure this policy setting, a script cannot perform a clipboard operation. +- If you don't configure this policy setting, a script can't perform a clipboard operation. @@ -13728,7 +13728,7 @@ This policy setting allows you to manage whether users can drag files or copy an - If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. -- If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone. +- If you don't configure this policy setting, users are queried to choose whether to drag or copy files from this zone. @@ -13792,7 +13792,7 @@ This policy setting allows you to manage whether file downloads are permitted fr - If you disable this policy setting, files are prevented from being downloaded from the zone. -- If you do not configure this policy setting, files are prevented from being downloaded from the zone. +- If you don't configure this policy setting, files are prevented from being downloaded from the zone. @@ -13858,7 +13858,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. +- If you don't configure this policy setting, users are queried whether to allow HTML fonts to download. @@ -13918,11 +13918,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you don't configure this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. @@ -13982,11 +13982,11 @@ This policy setting allows you to manage whether Web sites from less privileged This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation. -- If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. +- If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user can't change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. -- If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior. +- If you disable this policy setting, XAML files aren't loaded inside Internet Explorer. The user can't change this behavior. -- If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer. +- If you don't configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer. @@ -14048,9 +14048,9 @@ This policy setting allows you to manage whether a user's browser can be redirec - If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. -- If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. +- If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can't be redirected to another Web page. -- If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. +- If you don't configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can't be redirected to another Web page. @@ -14108,13 +14108,13 @@ This policy setting allows you to manage whether a user's browser can be redirec -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer won't execute unsigned managed components. @@ -14176,7 +14176,7 @@ This policy setting controls whether or not the user is prompted to allow Active - If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites. -- If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone. +- If you disable this policy setting, the user doesn't see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone. @@ -14236,7 +14236,7 @@ This policy setting controls whether or not the user is prompted to allow Active This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. -- If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone. +- If you enable this policy setting, the TDC ActiveX control won't run from websites in this zone. - If you disable this policy setting, the TDC Active X control will run from all sites in this zone. @@ -14300,9 +14300,9 @@ This policy setting determines whether a page can control embedded WebBrowser co - If you enable this policy setting, script access to the WebBrowser control is allowed. -- If you disable this policy setting, script access to the WebBrowser control is not allowed. +- If you disable this policy setting, script access to the WebBrowser control isn't allowed. -- If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones. +- If you don't configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones. @@ -14362,11 +14362,11 @@ This policy setting determines whether a page can control embedded WebBrowser co This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. -- If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. +- If you enable this policy setting, Windows Restrictions security won't apply in this zone. The security zone runs without the added layer of security provided by this feature. -- If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +- If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars can't be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. -- If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +- If you don't configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars can't be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. @@ -14428,9 +14428,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -14492,9 +14492,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -14559,7 +14559,7 @@ This policy setting allows you to manage whether script is allowed to update the - If you enable this policy setting, script is allowed to update the status bar. -- If you disable or do not configure this policy setting, script is not allowed to update the status bar. +- If you disable or don't configure this policy setting, script isn't allowed to update the status bar. @@ -14621,9 +14621,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -14689,7 +14689,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t If you selected Disable in the drop-down box, VBScript is prevented from running. -If you do not configure or disable this policy setting, VBScript is prevented from running. +If you don't configure or disable this policy setting, VBScript is prevented from running. @@ -14815,9 +14815,9 @@ This policy setting allows you to manage whether users may download signed Activ - If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. -- If you disable the policy setting, signed controls cannot be downloaded. +- If you disable the policy setting, signed controls can't be downloaded. -- If you do not configure this policy setting, signed controls cannot be downloaded. +- If you don't configure this policy setting, signed controls can't be downloaded. @@ -14879,9 +14879,9 @@ This policy setting allows you to manage whether users may download unsigned Act - If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. -- If you disable this policy setting, users cannot run unsigned controls. +- If you disable this policy setting, users can't run unsigned controls. -- If you do not configure this policy setting, users cannot run unsigned controls. +- If you don't configure this policy setting, users can't run unsigned controls. @@ -15003,13 +15003,13 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users can't change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users can't drag content from one domain to a different domain when both the source and destination are in different windows. Users can't change this setting. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or don't configure it, users can't drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +In Internet Explorer 9 and earlier versions, if you disable this policy or don't configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users can't change this setting. @@ -15069,13 +15069,13 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users can't drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting in the Internet Options dialog. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or don't configure it, users can't drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +In Internet Explorer 9 and earlier versions, if you disable this policy setting or don't configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users can't change this setting in the Internet Options dialog. @@ -15135,11 +15135,11 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. -- If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. +- If you enable this policy setting, the MIME Sniffing Safety Feature won't apply in this zone. The security zone will run without the added layer of security provided by this feature. -- If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. +- If you disable this policy setting, the actions that may be harmful can't run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. -- If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. +- If you don't configure this policy setting, the actions that may be harmful can't run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. @@ -15203,7 +15203,7 @@ This policy setting controls whether or not local path information is sent when - If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. -- If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent. +- If you don't configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent. @@ -15263,13 +15263,13 @@ This policy setting controls whether or not local path information is sent when This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you don't configure this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. @@ -15333,13 +15333,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, Java applets are disabled. +- If you don't configure this policy setting, Java applets are disabled. @@ -15403,7 +15403,7 @@ This policy setting allows you to manage whether applications may be run and fil - If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. -- If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. +- If you don't configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. @@ -15471,11 +15471,11 @@ Prompt for user name and password to query users for user IDs and passwords. Aft Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. -Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. +Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response isn't supported by the server, the user is queried to provide the user name and password. - If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. -- If you do not configure this policy setting, logon is set to Prompt for username and password. +- If you don't configure this policy setting, logon is set to Prompt for username and password. @@ -15537,9 +15537,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains. +- If you disable this policy setting, users can't open other windows and frames from other domains or access applications from different domains. -- If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +- If you don't configure this policy setting, users can't open other windows and frames from different domains or access applications from different domains. @@ -15605,7 +15605,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t - If you disable this policy setting, controls and plug-ins are prevented from running. -- If you do not configure this policy setting, controls and plug-ins are prevented from running. +- If you don't configure this policy setting, controls and plug-ins are prevented from running. @@ -15667,9 +15667,9 @@ This policy setting allows you to manage whether . NET Framework components that - If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. -- If you disable this policy setting, Internet Explorer will not execute signed managed components. +- If you disable this policy setting, Internet Explorer won't execute signed managed components. -- If you do not configure this policy setting, Internet Explorer will not execute signed managed components. +- If you don't configure this policy setting, Internet Explorer won't execute signed managed components. @@ -15735,7 +15735,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t - If you disable this policy setting, script interaction is prevented from occurring. -- If you do not configure this policy setting, script interaction is prevented from occurring. +- If you don't configure this policy setting, script interaction is prevented from occurring. @@ -15801,7 +15801,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t - If you disable this policy setting, scripts are prevented from accessing applets. -- If you do not configure this policy setting, scripts are prevented from accessing applets. +- If you don't configure this policy setting, scripts are prevented from accessing applets. @@ -15863,9 +15863,9 @@ This policy setting controls whether or not the "Open File - Security Warning" m - If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. -- If you disable this policy setting, these files do not open. +- If you disable this policy setting, these files don't open. -- If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones. +- If you don't configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones. @@ -15925,11 +15925,11 @@ This policy setting controls whether or not the "Open File - Security Warning" m This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. -- If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode. +- If you enable this policy setting, Protected Mode is turned on. The user can't turn off Protected Mode. -- If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. +- If you disable this policy setting, Protected Mode is turned off. The user can't turn on Protected Mode. -- If you do not configure this policy setting, the user can turn on or turn off Protected Mode. +- If you don't configure this policy setting, the user can turn on or turn off Protected Mode. @@ -15987,13 +15987,13 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p -This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. +This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link aren't blocked. - If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. -- If you disable this policy setting, pop-up windows are not prevented from appearing. +- If you disable this policy setting, pop-up windows aren't prevented from appearing. -- If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. +- If you don't configure this policy setting, most unwanted pop-up windows are prevented from appearing. @@ -16051,13 +16051,13 @@ This policy setting allows you to manage whether unwanted pop-up windows appear. -This policy setting enables blocking of file download prompts that are not user initiated. +This policy setting enables blocking of file download prompts that aren't user initiated. -- If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes. +- If you enable this policy setting, file download prompts that aren't user initiated will be blocked for Internet Explorer processes. -- If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes. +- If you disable this policy setting, prompting will occur for file downloads that aren't user initiated for Internet Explorer processes. -- If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes. +- If you don't configure this policy setting, the user's preference determines whether to prompt for file downloads that aren't user initiated for Internet Explorer processes. @@ -16115,13 +16115,13 @@ This policy setting enables blocking of file download prompts that are not user -Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. +Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars aren't visible to the user or obfuscate other Windows' title and status bars. - If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. - If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows. -- If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. +- If you don't configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. @@ -16181,12 +16181,12 @@ Internet Explorer allows scripts to programmatically open, resize, and repositio This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website. -- If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. +- If you enable this policy setting, the user can't configure the list of search providers on his or her computer, and any default providers installed don't appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. > [!NOTE] > This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. -- If you disable or do not configure this policy setting, the user can configure his or her list of search providers. +- If you disable or don't configure this policy setting, the user can configure his or her list of search providers. @@ -16245,11 +16245,11 @@ Applies security zone information to all users of the same computer. A security - If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer. -- If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings. +- If you disable this policy or don't configure it, users of the same computer can establish their own security zone settings. -This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user. +This policy is intended to ensure that security zone settings apply uniformly to the same computer and don't vary from user to user. -Also, see the "Security zones: Do not allow users to change policies" policy. +Also, see the "Security zones: Don't allow users to change policies" policy. @@ -16403,7 +16403,7 @@ This policy setting allows you to specify how ActiveX controls are installed. - If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls. -- If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process. +- If you disable or don't configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process. @@ -16466,9 +16466,9 @@ This policy setting allows you to manage whether Internet Explorer can access da - If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you disable this policy setting, users can't load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -- If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +- If you don't configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -16528,11 +16528,11 @@ This policy setting allows you to manage whether Internet Explorer can access da This policy setting manages whether users will be automatically prompted for ActiveX control installations. -- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. - If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. -- If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +- If you don't configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they don't have installed. @@ -16594,7 +16594,7 @@ This policy setting determines whether users will be prompted for non user-initi - If you enable this setting, users will receive a file download dialog for automatic download attempts. -- If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +- If you disable or don't configure this setting, users will receive a file download dialog for automatic download attempts. @@ -16660,7 +16660,7 @@ This policy setting allows you to manage whether pages of the zone may download - If you disable this policy setting, HTML fonts are prevented from downloading. -- If you do not configure this policy setting, HTML fonts can be downloaded automatically. +- If you don't configure this policy setting, HTML fonts can be downloaded automatically. @@ -16720,11 +16720,11 @@ This policy setting allows you to manage whether pages of the zone may download This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +- If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that's provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -- If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +- If you disable this policy setting, the possibly harmful navigations is prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. -- If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. +- If you don't configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. @@ -16782,13 +16782,13 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. -- If you disable this policy setting, Internet Explorer will not execute unsigned managed components. +- If you disable this policy setting, Internet Explorer won't execute unsigned managed components. -- If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +- If you don't configure this policy setting, Internet Explorer will execute unsigned managed components. @@ -16850,9 +16850,9 @@ This policy setting allows you to manage whether the user can run scriptlets. - If you enable this policy setting, the user can run scriptlets. -- If you disable this policy setting, the user cannot run scriptlets. +- If you disable this policy setting, the user can't run scriptlets. -- If you do not configure this policy setting, the user can enable or disable scriptlets. +- If you don't configure this policy setting, the user can enable or disable scriptlets. @@ -16914,9 +16914,9 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone - If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. -- If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. +- If you disable this policy setting, SmartScreen Filter doesn't scan pages in this zone for malicious content. -- If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. +- If you don't configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. > [!NOTE] > In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. @@ -16981,9 +16981,9 @@ This policy setting allows you to manage the preservation of information in the - If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you disable this policy setting, users can't preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. -- If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +- If you don't configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -17107,13 +17107,13 @@ This policy setting determines whether Internet Explorer runs antimalware progra This policy setting allows you to manage ActiveX controls not marked as safe. -- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. +- If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting isn't recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. - If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. -- If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +- If you disable this policy setting, ActiveX controls that can't be made safe aren't loaded with parameters or scripted. -- If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +- If you don't configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. @@ -17177,13 +17177,13 @@ This policy setting allows you to manage permissions for Java applets. Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program can't make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. -- If you disable this policy setting, Java applets cannot run. +- If you disable this policy setting, Java applets can't run. -- If you do not configure this policy setting, the permission is set to Low Safety. +- If you don't configure this policy setting, the permission is set to Low Safety. @@ -17245,9 +17245,9 @@ This policy setting allows you to manage the opening of windows and frames and a - If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. -- If you disable this policy setting, users cannot open windows and frames to access applications from different domains. +- If you disable this policy setting, users can't open windows and frames to access applications from different domains. -- If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +- If you don't configure this policy setting, users can open windows and frames from other domains and access applications from other domains. diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 013665a0e7..2b2d6da783 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -41,9 +41,9 @@ ms.topic: reference This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). -- If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain. +- If you enable this policy setting, the Kerberos client searches the forests in this list, if it's unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain. -- If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. +- If you disable or don't configure this policy setting, the Kerberos client doesn't search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name isn't found, NTLM authentication might be used. @@ -100,7 +100,7 @@ This policy setting defines the list of trusting forests that the Kerberos clien This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Ticket during logon. -- If you disable or do not configure this policy setting, the Azure AD Kerberos Ticket Granting Ticket is not retrieved during logon. +- If you disable or don't configure this policy setting, the Azure AD Kerberos Ticket Granting Ticket isn't retrieved during logon. - If you enable this policy setting, the Azure AD Kerberos Ticket Granting Ticket is retrieved during logon. @@ -169,7 +169,7 @@ This policy setting controls whether a device will request claims and compound a - If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring. -- If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. +- If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition. @@ -232,11 +232,11 @@ This policy setting controls hash or checksum algorithms used by the Kerberos cl - "Supported" enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security. -- "Audited" enables usage of the algorithm and reports an event (ID 206) every time it is used. This state is intended to verify that the algorithm is not being used and can be safely disabled. +- "Audited" enables usage of the algorithm and reports an event (ID 206) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled. - "Not Supported" disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure. -- If you disable or do not configure this policy, each algorithm will assume the "Default" state. +- If you disable or don't configure this policy, each algorithm will assume the "Default" state. Events generated by this configuration: 205, 206, 207, 208. @@ -596,14 +596,14 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller. > [!WARNING] -> When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. +> When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. - If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. > [!NOTE] > The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. -- If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. +- If you disable or don't configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. @@ -660,9 +660,9 @@ This policy setting controls whether a computer requires that Kerberos message e This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. -- If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. +- If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. -- If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. +- If you disable or don't configure this policy setting, the Kerberos client requires only that the KDC certificate contains the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. @@ -723,10 +723,10 @@ The size of the context token buffer determines the maximum size of SSPI context - If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller. -- If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. +- If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. > [!NOTE] -> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. +> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it isn't advised to set this value more than 48,000 bytes. @@ -782,7 +782,7 @@ The size of the context token buffer determines the maximum size of SSPI context Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal. -This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal. +This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it's otherwise unable to resolve a UPN to a principal. diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index f63c4c1992..28662221fb 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -87,7 +87,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This is -List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to. +List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can't navigate to. diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index c508f0c37a..e76faff2df 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -39,11 +39,11 @@ ms.topic: reference This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. -- If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons. +- If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest logons. - If you disable this policy setting, the SMB client will reject insecure guest logons. -Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access." +Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access." diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index e7688d4418..48bbbb7152 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -41,7 +41,7 @@ This policy setting controls whether OS Reactivation is blocked on a device. Policy Options: - Not Configured (default -- Windows registration and reactivation is allowed) - - Disabled (Windows registration and reactivation is not allowed) + - Disabled (Windows registration and reactivation isn't allowed) - Enabled (Windows registration is allowed) @@ -106,12 +106,12 @@ Policy Options: This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. -If you disable or do not configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates. +If you disable or don't configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates. Policy Options: - Not Configured (default -- data will be automatically sent to Microsoft) - Disabled (data will be automatically sent to Microsoft) - - Enabled (data will not be sent to Microsoft) + - Enabled (data won't be sent to Microsoft) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index f739324c11..8af0dde209 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -41,7 +41,7 @@ ms.topic: reference -This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can't add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users can't add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. +This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can't add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users can't add or log on with Microsoft accounts" option, existing Microsoft account users won't be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows. @@ -103,7 +103,7 @@ This policy setting prevents users from adding new Microsoft accounts on this co This security setting determines whether the local Administrator account is enabled or disabled. > [!NOTE] -> If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. +> If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password doesn't meet the password requirements, you can't reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator won't be enabled. Default: Disabled. @@ -222,13 +222,13 @@ This security setting determines if the Guest account is enabled or disabled. De -Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. +Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that aren't password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to log on at the computer's keyboard. Default: Enabled. > [!WARNING] -> Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. +> Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that doesn't have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. > [!NOTE] -> This setting does not affect logons that use domain accounts. It is possible for applications that use remote interactive logons to bypass this setting. +> This setting doesn't affect logons that use domain accounts. It's possible for applications that use remote interactive logons to bypass this setting. @@ -384,7 +384,7 @@ Accounts: Rename guest account This security setting determines whether a differ -Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. +Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy isn't defined and only Administrators have this ability. @@ -433,7 +433,7 @@ Devices: Allowed to format and eject removable media This security setting deter -Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled. +Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled. > [!CAUTION] > Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. @@ -497,7 +497,7 @@ Devices: Allow undock without having to log on This security setting determines Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. - If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. -- If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. Default on servers: Enabled. Default on workstations: Disabled Notes This setting does not affect the ability to add a local printer. This setting does not affect Administrators. +- If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. Default on servers: Enabled. Default on workstations: Disabled Notes This setting doesn't affect the ability to add a local printer. This setting doesn't affect Administrators. @@ -555,7 +555,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared -Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network. Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. +Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged-on interactively, the CD-ROM can be accessed over the network. Default: This policy isn't defined and CD-ROM access isn't restricted to the locally logged-on user. @@ -604,7 +604,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set -Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Do not display user information (3) Domain and user names only (4) +Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Don't display user information (3) Domain and user names only (4) @@ -628,7 +628,7 @@ Interactive Logon:Display user information when the session is locked User displ |:--|:--| | 1 (Default) | User display name, domain and user names. | | 2 | User display name only. | -| 3 | Do not display user information. | +| 3 | Don't display user information. | | 4 | Domain and user names only. | @@ -664,7 +664,7 @@ Interactive Logon:Display user information when the session is locked User displ -Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. +Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. Default: Disabled. @@ -687,7 +687,7 @@ Interactive logon: Don't display last signed-in This security setting determines | Value | Description | |:--|:--| | 0 (Default) | Disabled (username will be shown). | -| 1 | Enabled (username will not be shown). | +| 1 | Enabled (username won't be shown). | @@ -722,7 +722,7 @@ Interactive logon: Don't display last signed-in This security setting determines -Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. +Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. Default: Disabled. @@ -745,7 +745,7 @@ Interactive logon: Don't display username at sign-in This security setting deter | Value | Description | |:--|:--| | 0 | Disabled (username will be shown). | -| 1 (Default) | Enabled (username will not be shown). | +| 1 (Default) | Enabled (username won't be shown). | @@ -780,7 +780,7 @@ Interactive logon: Don't display username at sign-in This security setting deter -Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. +Interactive logon: Don't require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user isn't required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. @@ -803,7 +803,7 @@ Interactive logon: Do not require CTRL+ALT+DEL This security setting determines | Value | Description | |:--|:--| | 0 | Disabled. | -| 1 (Default) | Enabled (a user is not required to press CTRL+ALT+DEL to log on). | +| 1 (Default) | Enabled (a user isn't required to press CTRL+ALT+DEL to log on). | @@ -811,7 +811,7 @@ Interactive logon: Do not require CTRL+ALT+DEL This security setting determines | Name | Value | |:--|:--| -| Name | Interactive logon: Do not require CTRL+ALT+DEL | +| Name | Interactive logon: Don't require CTRL+ALT+DEL | | Path | Windows Settings > Security Settings > Local Policies > Security Options | @@ -891,7 +891,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time -Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. +Interactive logon: Message text for users attempting to log on This security setting specifies a text message that's displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. @@ -991,7 +991,7 @@ Interactive logon: Message title for users attempting to log on This security se Interactive logon: Smart card removal behavior This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: No Action Lock Workstation Force Logoff Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session. If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed. If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation. > [!NOTE] -> Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default: This policy is not defined, which means that the system treats it as No action. On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. +> Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default: This policy isn't defined, which means that the system treats it as No action. On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. @@ -1053,7 +1053,7 @@ Interactive logon: Smart card removal behavior This security setting determines Microsoft network client: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. -- If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. +- If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. - If this policy is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled. > [!IMPORTANT] @@ -1182,7 +1182,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This -Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled. +Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that don't support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled. @@ -1242,11 +1242,11 @@ Microsoft network client: Send unencrypted password to connect to third-party SM Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted. -- If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. +- If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. - If this setting is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled for member servers. Enabled for domain controllers. > [!NOTE] -> All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. Similarly, if client-side SMB signing is required, that client won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. > [!IMPORTANT] > For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy: Microsoft network server: Digitally sign communications (if server agrees) For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature For more information, reference:< https://go.microsoft.com/fwlink/?LinkID=787136>. @@ -1373,7 +1373,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This Network access: Allow anonymous SID/name translation This policy setting determines whether an anonymous user can request security identifier (SID) attributes for another user. - If this policy is enabled, an anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects both the SID-to-name translation as well as the name-to-SID translation. -- If this policy setting is disabled, an anonymous user cannot request the SID attribute for another user. Default on workstations and member servers: Disabled. Default on domain controllers running Windows Server 2008 or later: Disabled. Default on domain controllers running Windows Server 2003 R2 or earlier: Enabled. +- If this policy setting is disabled, an anonymous user can't request the SID attribute for another user. Default on workstations and member servers: Disabled. Default on domain controllers running Windows Server 2008 or later: Disabled. Default on domain controllers running Windows Server 2003 R2 or earlier: Enabled. @@ -1431,7 +1431,7 @@ Network access: Allow anonymous SID/name translation This policy setting determi -Network access: Do not allow anonymous enumeration of SAM accounts This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. This security option allows additional restrictions to be placed on anonymous connections as follows: Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server:Enabled. +Network access: Don't allow anonymous enumeration of SAM accounts This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. This security option allows additional restrictions to be placed on anonymous connections as follows: Enabled: Don't allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server:Enabled. > [!IMPORTANT] > This policy has no impact on domain controllers. @@ -1465,7 +1465,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts This security | Name | Value | |:--|:--| -| Name | Network access: Do not allow anonymous enumeration of SAM accounts | +| Name | Network access: Don't allow anonymous enumeration of SAM accounts | | Path | Windows Settings > Security Settings > Local Policies > Security Options | @@ -1492,7 +1492,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts This security -Network access: Do not allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. Default: Disabled. +Network access: Don't allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. Default: Disabled. @@ -1523,7 +1523,7 @@ Network access: Do not allow anonymous enumeration of SAM accounts and shares Th | Name | Value | |:--|:--| -| Name | Network access: Do not allow anonymous enumeration of SAM accounts and shares | +| Name | Network access: Don't allow anonymous enumeration of SAM accounts and shares | | Path | Windows Settings > Security Settings > Local Policies > Security Options | @@ -1662,7 +1662,7 @@ Network security: Allow Local System to use computer identity for NTLM This poli - If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. By default, this policy is enabled on Windows 7 and above. By default, this policy is disabled on Windows Vista. This policy is supported on at least Windows Vista or Windows Server 2008. > [!NOTE] -> Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. +> Windows Vista or Windows Server 2008 don't expose this setting in Group Policy. @@ -1783,7 +1783,7 @@ Network security: Allow PKU2U authentication requests to this computer to use on -Network security: Do not store LAN Manager hash value on next password change This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. Default on Windows Vista and above: Enabled Default on Windows XP: Disabled. +Network security: Don't store LAN Manager hash value on next password change This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. Default on Windows Vista and above: Enabled Default on Windows XP: Disabled. > [!IMPORTANT] > Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. @@ -1817,7 +1817,7 @@ Network security: Do not store LAN Manager hash value on next password change Th | Name | Value | |:--|:--| -| Name | Network security: Do not store LAN Manager hash value on next password change | +| Name | Network security: Don't store LAN Manager hash value on next password change | | Path | Windows Settings > Security Settings > Local Policies > Security Options | @@ -1847,7 +1847,7 @@ Network security: Do not store LAN Manager hash value on next password change Th Network security: Force logoff when logon hours expire This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire. If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired. Default: Enabled. > [!NOTE] -> This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it is enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings are not applied to member computers. +> This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it's enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings aren't applied to member computers. @@ -1908,7 +1908,7 @@ Network security: Force logoff when logon hours expire This security setting det Network security LAN Manager authentication level This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication. Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication). Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). > [!IMPORTANT] -> This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM. Default: Windows 2000 and windows XP: send LM and NTLM responses Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only. +> This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier didn't support NTLMv2. Computers running Windows 95 and Windows 98 didn't support NTLM. Default: Windows 2000 and windows XP: send LM and NTLM responses Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only. @@ -1970,7 +1970,7 @@ Network security LAN Manager authentication level This security setting determin -Network security: Minimum session security for NTLM SSP based (including secure RPC) clients This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated. Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated. Default: Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. +Network security: Minimum session security for NTLM SSP based (including secure RPC) clients This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 protocol isn't negotiated. Require 128-bit encryption: The connection will fail if strong encryption (128-bit) isn't negotiated. Default: Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -2030,7 +2030,7 @@ Network security: Minimum session security for NTLM SSP based (including secure -Network security: Minimum session security for NTLM SSP based (including secure RPC) servers This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if message integrity is not negotiated. Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated. Default: Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. +Network security: Minimum session security for NTLM SSP based (including secure RPC) servers This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated. Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated. Default: Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -2092,7 +2092,7 @@ Network security: Minimum session security for NTLM SSP based (including secure Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured. - If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication. -- If you do not configure this policy setting, no exceptions will be applied. The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character. +- If you don't configure this policy setting, no exceptions will be applied. The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character. @@ -2141,7 +2141,7 @@ Network security: Restrict NTLM: Add remote server exceptions for NTLM authentic -Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting allows you to audit incoming NTLM traffic. If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic. If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option. If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option. This policy is supported on at least Windows 7 or Windows Server 2008 R2. +Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting allows you to audit incoming NTLM traffic. If you select "Disable", or don't configure this policy setting, the server won't log events for incoming NTLM traffic. If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option. If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option. This policy is supported on at least Windows 7 or Windows Server 2008 R2. > [!NOTE] > Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM. @@ -2203,7 +2203,7 @@ Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting -Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allows you to deny or allow incoming NTLM traffic. If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests. If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon. If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error. This policy is supported on at least Windows 7 or Windows Server 2008 R2. +Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allows you to deny or allow incoming NTLM traffic. If you select "Allow all" or don't configure this policy setting, the server will allow all NTLM authentication requests. If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon. If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error. This policy is supported on at least Windows 7 or Windows Server 2008 R2. > [!NOTE] > Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM. @@ -2265,7 +2265,7 @@ Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allow -Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server. If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication. If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer. If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication. This policy is supported on at least Windows 7 or Windows Server 2008 R2. +Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server. If you select "Allow all" or don't configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication. If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer. If you select "Deny all," the client computer can't authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication. This policy is supported on at least Windows 7 or Windows Server 2008 R2. > [!NOTE] > Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM. @@ -2327,7 +2327,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po -Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. Default on workstations: Enabled. Default on servers: Disabled. +Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer doesn't appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. Default on workstations: Enabled. Default on servers: Disabled. @@ -2385,7 +2385,7 @@ Shutdown: Allow system to be shut down without having to log on This security se -Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. +Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they aren't used. On a running system, this pagefile is opened exclusively by the operating system, and it's well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile isn't available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. @@ -2443,7 +2443,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether -User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. - Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. +User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. - Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. @@ -2566,7 +2566,7 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm -User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. +User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that's running desktops as standard user may choose this setting to reduce help desk calls. - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. @@ -2625,7 +2625,7 @@ User Account Control: Behavior of the elevation prompt for standard users This p -User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. The options are: Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. +User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. The options are: Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. @@ -2683,7 +2683,7 @@ User Account Control: Detect application installations and prompt for elevation -User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: - Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run. - Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. +User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run. - Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. @@ -2741,7 +2741,7 @@ User Account Control: Only elevate executable files that are signed and validate -User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ - ...\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. +User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ - ...\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system. @@ -2763,7 +2763,7 @@ User Account Control: Only elevate UIAccess applications that are installed in s | Value | Description | |:--|:--| -| 0 | Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location. | +| 0 | Disabled: Application runs with UIAccess integrity even if it doesn't reside in a secure location. | | 1 (Default) | Enabled: Application runs with UIAccess integrity only if it resides in secure location. | diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 116a29e6ce..cc236267c3 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -41,12 +41,12 @@ This Setting allows an administrator to manage local groups on a Device. Possible settings: 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. -When using Update, existing group members that are not specified in the policy remain untouched. +When using Update, existing group members that aren't specified in the policy remain untouched. 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. When using Replace, existing group membership is replaced by the list of members specified in the add member section. This option works in the same way as a Restricted Group and any group -members that are not specified in the policy are removed. +members that aren't specified in the policy are removed. > [!CAUTION] > If the same group is configured with both Replace and Update, then Replace will win. diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 0061b7380c..401457470e 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -37,9 +37,9 @@ ms.topic: reference -- If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge. +- If you disable this policy setting, users won't be able to invoke any system UI by swiping in from any screen edge. -- If you enable or do not configure this policy setting, users will be able to invoke system UI by swiping in from the screen edges. +- If you enable or don't configure this policy setting, users will be able to invoke system UI by swiping in from the screen edges. diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md index f756e459bf..0cbc03d1cb 100644 --- a/windows/client-management/mdm/policy-csp-lsa.md +++ b/windows/client-management/mdm/policy-csp-lsa.md @@ -41,9 +41,9 @@ ms.topic: reference This policy controls the configuration under which LSASS loads custom SSPs and APs. -- If you enable this setting or do not configure it, LSA allows custom SSPs and APs to be loaded. +- If you enable this setting or don't configure it, LSA allows custom SSPs and APs to be loaded. -- If you disable this setting, LSA does not load custom SSPs and APs. +- If you disable this setting, LSA doesn't load custom SSPs and APs. @@ -100,13 +100,13 @@ This policy controls the configuration under which LSASS loads custom SSPs and A This policy controls the configuration under which LSASS is run. -- If you do not configure this policy and there is no current setting in the registry, LSA will run as protected process for clean installed, HVCI capable, client SKUs that are domain or cloud domain joined devices. This configuration is not UEFI locked. This can be overridden if the policy is configured. +- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for clean installed, HVCI capable, client SKUs that are domain or cloud domain joined devices. This configuration isn't UEFI locked. This can be overridden if the policy is configured. -- If you configure and set this policy setting to "Disabled", LSA will not run as a protected process. +- If you configure and set this policy setting to "Disabled", LSA won't run as a protected process. - If you configure and set this policy setting to "EnabledWithUEFILock," LSA will run as a protected process and this configuration is UEFI locked. -- If you configure and set this policy setting to "EnabledWithoutUEFILock", LSA will run as a protected process and this configuration is not UEFI locked. +- If you configure and set this policy setting to "EnabledWithoutUEFILock", LSA will run as a protected process and this configuration isn't UEFI locked. @@ -128,9 +128,9 @@ This policy controls the configuration under which LSASS is run. | Value | Description | |:--|:--| -| 0 (Default) | Disabled. Default value. LSA will not run as protected process. | +| 0 (Default) | Disabled. Default value. LSA won't run as protected process. | | 1 | Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked. | -| 2 | Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked. | +| 2 | Enabled without UEFI lock. LSA will run as protected process and this configuration isn't UEFI locked. | diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 0a17aa2d46..e4c4f04b6a 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -61,7 +61,7 @@ Disable this feature to avoid information being stored on servers outside of you | Value | Description | |:--|:--| -| 0 | Message sync is not allowed and cannot be changed by the user. | +| 0 | Message sync isn't allowed and can't be changed by the user. | | 1 (Default) | Message sync is allowed. The user can change this setting. | diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 5711be78d6..a3113f2aed 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -117,7 +117,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us | Value | Description | |:--|:--| -| 0 (Default) | Displaying captive portal is not allowed. | +| 0 (Default) | Displaying captive portal isn't allowed. | | 1 | Displaying captive portal is allowed. | @@ -169,7 +169,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) - | Value | Description | |:--|:--| -| 0 (Default) | Applications are not allowed to be launched with Launcher API, when in single app kiosk mode. | +| 0 (Default) | Applications aren't allowed to be launched with Launcher API, when in single app kiosk mode. | | 1 | Applications are allowed to be launched with Launcher API, when in single app kiosk mode. | @@ -245,7 +245,7 @@ On a device where you configure this policy, the user specified in the policy ne -This policy controls if the HoloLens displays will be automatically adjusted for your eyes to improve hologram visual quality when an user wears the device. When this feature is enabled, a new user upon wearing the device will not be prompted to calibrate and yet the displays will be adjusted to suite them automatically. However if an immersive application is launched that depends on eye tracking interactions, the user will be prompted to perform the calibration. +This policy controls if the HoloLens displays will be automatically adjusted for your eyes to improve hologram visual quality when a user wears the device. When this feature is enabled, a new user upon wearing the device won't be prompted to calibrate and yet the displays will be adjusted to suite them automatically. However if an immersive application is launched that depends on eye tracking interactions, the user will be prompted to perform the calibration. @@ -317,7 +317,7 @@ This policy setting controls if pressing the brightness button changes the brigh | Value | Description | |:--|:--| | 0 (Default) | Brightness can be changed with press of brightness button. | -| 1 | Brightness cannot be changed with press of brightness button. | +| 1 | Brightness can't be changed with press of brightness button. | @@ -367,8 +367,8 @@ For more information, see [Moving platform mode on low dynamic motion moving pla | Value | Description | |:--|:--| | 0 (Default) | Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system. | -| 1 | Moving platform is disabled and cannot be changed by user. | -| 2 | Moving platform is enabled and cannot be changed by user. | +| 1 | Moving platform is disabled and can't be changed by user. | +| 2 | Moving platform is enabled and can't be changed by user. | @@ -398,7 +398,7 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -- If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. +- If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. NtpServer The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". @@ -407,7 +407,7 @@ Type This value controls the authentication that W32time uses. The default value is NT5DS. CrossSiteSyncFlags -This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal). +This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal). ResolvePeerBackoffMinutes This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. @@ -416,10 +416,10 @@ ResolvePeerBackoffMaxTimes This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. SpecialPollInterval -This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. +This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that's set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. EventLogFlags -This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. +This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. @@ -619,7 +619,7 @@ This policy setting controls, when and if diagnostic logs can be collected using | Value | Description | |:--|:--| -| 0 | Not allowed. Diagnostic logs cannot be collected by pressing the button combination. | +| 0 | Not allowed. Diagnostic logs can't be collected by pressing the button combination. | | 1 | Allowed for device owners only. Diagnostics logs can be collected by pressing the button combination only if signed-in user is considered as device owner. | | 2 (Default) | Allowed for all users. Diagnostic logs can be collected by pressing the button combination. | @@ -718,7 +718,7 @@ When the system automatically determines the down direction, it's using the meas | Value | Description | |:--|:--| | 0 (Default) | User is allowed to manually change down direction. | -| 1 | User is not allowed to manually change down direction. | +| 1 | User isn't allowed to manually change down direction. | @@ -767,7 +767,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not | Value | Description | |:--|:--| | 0 (Default) | Microphone can be used for voice. | -| 1 | Microphone cannot be used for voice. | +| 1 | Microphone can't be used for voice. | @@ -799,7 +799,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer - If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers. -- If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers. +- If you disable or don't configure this policy setting, the local computer clock doesn't synchronize time with NTP servers. @@ -862,7 +862,7 @@ The following example XML string shows the value to enable this policy: -This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device will not show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking will not work on the device. If an app requires eye tracking and the user has not gone through the calibration process, the user will be prompted to do so. +This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device won't show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking won't work on the device. If an app requires eye tracking and the user hasn't gone through the calibration process, the user will be prompted to do so. @@ -887,7 +887,7 @@ This policy configures whether the device will take the user through the eye tra | Value | Description | |:--|:--| | 0 (Default) | Eye tracking calibration process will be shown during device setup and first time user setup. | -| 1 | Eye tracking calibration process will not be shown during device setup and first time user setup. | +| 1 | Eye tracking calibration process won't be shown during device setup and first time user setup. | @@ -913,7 +913,7 @@ This policy configures whether the device will take the user through the eye tra -This policy configures whether the device will take the user through a training process during device setup and first time user setup. If this policy is enabled, the device will not show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app. +This policy configures whether the device will take the user through a training process during device setup and first time user setup. If this policy is enabled, the device won't show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app. @@ -937,7 +937,7 @@ It skips the training experience of interactions with the hummingbird and Start | Value | Description | |:--|:--| | 0 (Default) | Training process will be shown during device setup and first time user setup. | -| 1 | Training process will not be shown during device setup and first time user setup. | +| 1 | Training process won't be shown during device setup and first time user setup. | @@ -985,7 +985,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis | Value | Description | |:--|:--| -| 0 (Default) | Visitor user will not be signed in automatically. | +| 0 (Default) | Visitor user won't be signed in automatically. | | 1 | Visitor user will be signed in automatically. | @@ -1035,7 +1035,7 @@ This policy setting controls if pressing the volume button changes the volume or | Value | Description | |:--|:--| | 0 (Default) | Volume can be changed with press of the volume button. | -| 1 | Volume cannot be changed with press of the volume button. | +| 1 | Volume can't be changed with press of the volume button. | diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 8936eb9ae7..2d2008a5b7 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -37,7 +37,7 @@ ms.topic: reference -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. A pipe-separated list of domain cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. @@ -101,13 +101,13 @@ For more information see: -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. A semicolon-separated list of intranet proxy server IP addresses. These addresses are categorized as private by Windows Network Isolation and are accessible to apps that have the Home/Work Networking capability. - If you enable this policy setting, it allows an administrator to configure a set of proxies that provide access to intranet resources. -- If you disable or do not configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. +- If you disable or don't configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This setting should NOT be used to configure Internet proxies. @@ -167,7 +167,7 @@ For more information see: -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. A comma-separated list of IP address ranges that are in your corporate network. @@ -177,7 +177,7 @@ Windows Network Isolation attempts to automatically discover private network hos To ensure that these addresses are the only addresses ever classified as private, enable the "Subnet definitions are authoritative" policy setting. -- If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts. +- If you disable or don't configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts. Example: 3efe:1092::/96,18.1.1.1/10 @@ -245,13 +245,13 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. Turns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment. - If you enable this policy setting, it turns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment. Only network hosts within the address ranges configured via Group Policy will be classified as private. -- If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts in the domain corporate environment. +- If you disable or don't configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts in the domain corporate environment. For more information see: @@ -316,7 +316,7 @@ For more information see: -This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example contoso. sharepoint. com, Fabrikam. com. +This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that's sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example contoso. sharepoint. com, Fabrikam. com. > [!NOTE] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client. Here are the steps to create canonical domain names:Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft. COM -> microsoft. com. Call IdnToAscii with IDN_USE_STD3_ASCII_RULES as the flags. Call IdnToUnicode with no flags set (dwFlags = 0). @@ -364,13 +364,13 @@ For more information, see the following APIs: -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. A semicolon-separated list of Internet proxy server IP addresses. These addresses are categorized as Internet by Windows Network Isolation and are accessible to apps that have the Internet Client or Internet Client/Server capabilities. - If you enable this policy setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list of allowed proxies, enable the "Proxy definitions are authoritative" setting. -- If you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation. +- If you disable or don't configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation. Example: [3efe:3022::1000];18.0.0.1;18.0.0.2 @@ -428,13 +428,13 @@ For more information see: -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. Turns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment. - If you enable this policy setting, it turns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment. Only proxies configured with Group Policy are authoritative. This applies to both Internet and intranet proxies. -- If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses. +- If you disable or don't configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses. For more information see: @@ -499,7 +499,7 @@ For more information see: -This setting does not apply to desktop apps. +This setting doesn't apply to desktop apps. A comma-separated list of domain names that can be used as both work or personal resource. diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 45942077f7..9baca25d58 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -39,11 +39,11 @@ ms.topic: reference This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to poll application services to update tiles. -- If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs. +- If you enable this policy setting, applications and system features won't be able receive notifications from the network from WNS or via notification polling APIs. - If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application. -- If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background. +- If you disable or don't configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background. No reboots or service restarts are required for this policy setting to take effect. @@ -121,9 +121,9 @@ To validate the configuration: This policy setting turns off notification mirroring. -- If you enable this policy setting, notifications from applications and system will not be mirrored to your other devices. +- If you enable this policy setting, notifications from applications and system won't be mirrored to your other devices. -- If you disable or do not configure this policy setting, notifications will be mirrored, and can be turned off by the administrator or user. +- If you disable or don't configure this policy setting, notifications will be mirrored, and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. @@ -192,9 +192,9 @@ This feature can be turned off by apps that don't want to participate in notific This policy setting turns off tile notifications. -- If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen. +- If you enable this policy setting, applications and system features won't be able to update their tiles and tile badges in the Start screen. -- If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user. +- If you disable or don't configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. @@ -262,7 +262,7 @@ No reboots or service restarts are required for this policy setting to take effe This policy setting turns on multiple expanded toast notifications in action center. - If you enable this policy setting, the first three notifications of each application will be expanded by default in action center. -- If you disable or do not configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect. +- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect. diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 3de93912e8..496798b187 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -90,9 +90,9 @@ This policy setting decides if hibernate on the machine is allowed or not. Suppo This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. -- If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. +- If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state. -- If you disable this policy setting, standby states (S1-S3) are not allowed. +- If you disable this policy setting, standby states (S1-S3) aren't allowed. @@ -149,9 +149,9 @@ This policy setting manages whether or not Windows is allowed to use standby sta This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. -- If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. +- If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state. -- If you disable this policy setting, standby states (S1-S3) are not allowed. +- If you disable this policy setting, standby states (S1-S3) aren't allowed. @@ -210,7 +210,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -270,7 +270,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -330,7 +330,7 @@ This policy setting allows you to specify battery charge level at which Energy S - If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -389,7 +389,7 @@ This policy setting allows you to specify battery charge level at which Energy S - If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -448,7 +448,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -508,7 +508,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -566,9 +566,9 @@ If the user has configured a slide show to run on the lock screen when the machi This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. -- If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. +- If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep. -- If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +- If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep. @@ -625,9 +625,9 @@ This policy setting specifies whether or not the user is prompted for a password This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. -- If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. +- If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep. -- If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +- If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep. @@ -693,7 +693,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -769,7 +769,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -845,7 +845,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -921,7 +921,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -997,7 +997,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -1073,7 +1073,7 @@ Possible actions include: - If you enable this policy setting, you must select the desired action. -- If you disable this policy setting or do not configure it, users can see and change this setting. +- If you disable this policy setting or don't configure it, users can see and change this setting. @@ -1142,7 +1142,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -1202,7 +1202,7 @@ This policy setting allows you to specify the period of inactivity before Window - If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -1260,9 +1260,9 @@ If the user has configured a slide show to run on the lock screen when the machi This policy setting allows you to turn off hybrid sleep. -- If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). +- If you enable this policy setting, a hiberfile isn't generated when the system transitions to sleep (Stand By). -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1327,9 +1327,9 @@ This policy setting allows you to turn off hybrid sleep. This policy setting allows you to turn off hybrid sleep. -- If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). +- If you enable this policy setting, a hiberfile isn't generated when the system transitions to sleep (Stand By). -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. @@ -1392,11 +1392,11 @@ This policy setting allows you to turn off hybrid sleep. -This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. +This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer. -- If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. +- If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -1453,11 +1453,11 @@ If the user has configured a slide show to run on the lock screen when the machi -This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. +This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer. -- If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. +- If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep. -- If you disable or do not configure this policy setting, users control this setting. +- If you disable or don't configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 1777863e8e..a21ad776d3 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -161,7 +161,7 @@ Manages how Queue-specific files are processed during printer installation. At p You can enable this setting to change the default behavior involving queue-specific files. To use this setting, select one of the options below from the "Manage processing of Queue-specific files" box. -If you disable or do not configure this policy setting, the default behavior is "Limit Queue-specific files to Color profiles". +If you disable or don't configure this policy setting, the default behavior is "Limit Queue-specific files to Color profiles". - "Do not allow Queue-specific files" specifies that no queue-specific files will be allowed/processed during print queue/printer connection installation. @@ -226,13 +226,13 @@ The following are the supported values: -This policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that is required for a print driver to be considered valid and installed on the system. +This policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that's required for a print driver to be considered valid and installed on the system. As part of this validation the catalog/embedded signature is verified and all files in the driver must be a part of the catalog or have their own embedded signature that can be used for validation. You can enable this setting to change the default signature validation method. To use this setting, select one of the options below from the "Select the driver signature mechanism for this computer" box. -If you disable or do not configure this policy setting, the default method is "Allow all validly signed drivers". +If you disable or don't configure this policy setting, the default method is "Allow all validly signed drivers". - "Require inbox signed drivers" specifies only drivers that are shipped as part of a Windows image are allowed on this computer. @@ -246,7 +246,7 @@ If you disable or do not configure this policy setting, the default method is "A The 'PrintDrivers' certificate store needs to be created by an administrator under the local machine store location. -The 'Trusted Publishers' certificate store can contain certificates from sources that are not related to print drivers. +The 'Trusted Publishers' certificate store can contain certificates from sources that aren't related to print drivers. @@ -309,11 +309,11 @@ The following are the supported values: Determines whether to always send page count information for accounting purposes for printers using the Microsoft IPP Class Driver. -By default, pages are sent to the printer as soon as they are rendered and page count information is not sent to the printer unless pages must be reordered. +By default, pages are sent to the printer as soon as they're rendered and page count information isn't sent to the printer unless pages must be reordered. - If you enable this setting the system will render all print job pages up front and send the printer the total page count for the print job. -- If you disable this setting or do not configure it, pages are printed as soon as they are rendered and page counts are only sent when page reordering is required to process the job. +- If you disable this setting or don't configure it, pages are printed as soon as they're rendered and page counts are only sent when page reordering is required to process the job. @@ -376,15 +376,15 @@ Determines whether Redirection Guard is enabled for the print spooler. You can enable this setting to configure the Redirection Guard policy being applied to spooler. -- If you disable or do not configure this policy setting, Redirection Guard will default to being 'enabled'. +- If you disable or don't configure this policy setting, Redirection Guard will default to being 'enabled'. - If you enable this setting you may select the following options: - Enabled: Redirection Guard will prevent any file redirections from being followed -- Disabled: Redirection Guard will not be enabled and file redirections may be used within the spooler process +- Disabled: Redirection Guard won't be enabled and file redirections may be used within the spooler process -- Audit: Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler. +- Audit: Redirection Guard will log events as though it were enabled but won't actually prevent file redirections from being used within the spooler. @@ -506,9 +506,9 @@ Use authentication for outgoing RPC over named pipes connections: - "Default": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes - "Authentication enabled": RPC authentication will be used for outgoing RPC over named pipes connections - - "Authentication disabled": RPC authentication will not be used for outgoing RPC over named pipes connections + - "Authentication disabled": RPC authentication won't be used for outgoing RPC over named pipes connections -If you disable or do not configure this policy setting, the above defaults will be used. +If you disable or don't configure this policy setting, the above defaults will be used. @@ -577,7 +577,7 @@ Authentication protocol to use for incoming RPC connections: - "Negotiate": Use the Negotiate authentication protocol (the default option) - "Kerberos": Use the Kerberos authentication protocol -If you disable or do not configure this policy setting, the above defaults will be used. +If you disable or don't configure this policy setting, the above defaults will be used. @@ -639,7 +639,7 @@ RPC over TCP port: - The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used -If you disable or do not configure this policy setting, dynamic TCP ports are used. +If you disable or don't configure this policy setting, dynamic TCP ports are used. @@ -699,7 +699,7 @@ By default, there are no restrictions to printing based on connection type or pr - If you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers. -- If you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model. +- If you disable this setting or don't configure it, there are no restrictions to printing based on connection type or printer Make/Model. @@ -760,7 +760,7 @@ By default, there are no restrictions to printing based on connection type or pr - If you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers. -- If you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model. +- If you disable this setting or don't configure it, there are no restrictions to printing based on connection type or printer Make/Model. @@ -815,13 +815,13 @@ By default, there are no restrictions to printing based on connection type or pr -This policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that are not allowed to be installed on the system. +This policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that aren't allowed to be installed on the system. This checks outranks the signature check and allows drivers that have a valid signature level for the Print Driver signature validation policy to be excluded. Entries in the exclusion list consist of a SHA256 hash (or SHA1 hash for Win7) of the INF file and/or main driver DLL file of the driver and the name of the file. -If you disable or do not configure this policy setting, the registry key and values associated with this policy setting will be deleted, if currently set to a value. +If you disable or don't configure this policy setting, the registry key and values associated with this policy setting will be deleted, if currently set to a value. @@ -879,10 +879,10 @@ This policy setting controls the client Point and Print behavior, including the - If you enable this policy setting: --Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. --You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. +-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made. +-You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated. -- If you do not configure this policy setting: +- If you don't configure this policy setting: -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. @@ -892,8 +892,8 @@ This policy setting controls the client Point and Print behavior, including the - If you disable this policy setting: -Windows Vista client computers can create a printer connection to any server using Point and Print. --Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. --Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. +-Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. +-Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). @@ -954,10 +954,10 @@ This policy setting controls the client Point and Print behavior, including the - If you enable this policy setting: --Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. --You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. +-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made. +-You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated. -- If you do not configure this policy setting: +- If you don't configure this policy setting: -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. @@ -967,8 +967,8 @@ This policy setting controls the client Point and Print behavior, including the - If you disable this policy setting: -Windows Vista client computers can create a printer connection to any server using Point and Print. --Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. --Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. +-Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. +-Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). @@ -1027,9 +1027,9 @@ This policy setting controls the client Point and Print behavior, including the Determines whether the computer's shared printers can be published in Active Directory. -- If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. +- If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. -- If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. +- If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available. > [!NOTE] > This settings takes priority over the setting "Automatically publish new printers in the Active Directory". @@ -1091,7 +1091,7 @@ Determines whether users that aren't Administrators can install print drivers on By default, users that aren't Administrators can't install print drivers on this computer. -- If you enable this setting or do not configure it, the system will limit installation of print drivers to Administrators of this computer. +- If you enable this setting or don't configure it, the system will limit installation of print drivers to Administrators of this computer. - If you disable this setting, the system won't limit installation of print drivers to this computer. diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index c0cf8e14bf..be4b3f472d 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -92,7 +92,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con This policy setting determines whether Clipboard contents can be synchronized across devices. - If you enable this policy setting, Clipboard contents are allowed to be synchronized across devices logged in under the same Microsoft account or Azure AD account. -- If you disable this policy setting, Clipboard contents cannot be shared to other devices. +- If you disable this policy setting, Clipboard contents can't be shared to other devices. Policy change takes effect immediately. @@ -162,7 +162,7 @@ This policy specifies whether users on the device have the option to enable onli If this policy is enabled or not configured, control is deferred to users, and users may choose whether to enable speech services via settings. -If this policy is disabled, speech services will be disabled, and users cannot enable speech services via settings. +If this policy is disabled, speech services will be disabled, and users can't enable speech services via settings. @@ -235,7 +235,7 @@ This policy setting turns off the advertising ID, preventing apps from using the - If you enable this policy setting, the advertising ID is turned off. Apps can't use the ID for experiences across apps. -- If you disable or do not configure this policy setting, users can control whether apps can use the advertising ID for experiences across apps. +- If you disable or don't configure this policy setting, users can control whether apps can use the advertising ID for experiences across apps. @@ -305,9 +305,9 @@ This policy setting turns off the advertising ID, preventing apps from using the When logging into a new user account for the first time or after an upgrade in some scenarios, that user may be presented with a screen or series of screens that prompts the user to choose privacy settings for their account. Enable this policy to prevent this experience from launching. -If this policy is enabled, the privacy experience will not launch for newly-created user accounts or for accounts that would have been prompted to choose their privacy settings after an upgrade. +If this policy is enabled, the privacy experience won't launch for newly created user accounts or for accounts that would've been prompted to choose their privacy settings after an upgrade. -If this policy is disabled or not configured, then the privacy experience may launch for newly-created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade. +If this policy is disabled or not configured, then the privacy experience may launch for newly created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade. @@ -332,7 +332,7 @@ In some managed environments, the privacy settings may be set by other policies. | Value | Description | |:--|:--| | 0 (Default) | Allow the 'choose privacy settings for your device' screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade. | -| 1 | Do not allow the 'choose privacy settings for your device' screen when a new user logs in or an existing user logs in for the first time after an upgrade. | +| 1 | Don't allow the 'choose privacy settings for your device' screen when a new user logs in or an existing user logs in for the first time after an upgrade. | @@ -445,11 +445,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access account information and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -523,11 +523,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access account information and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -588,11 +588,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access account information and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -653,11 +653,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access account information and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access account information and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -898,11 +898,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the calendar and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -976,11 +976,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the calendar and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1041,11 +1041,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the calendar and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1106,11 +1106,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the calendar and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1171,11 +1171,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access call history by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the call history and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1249,11 +1249,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access call history by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the call history and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1314,11 +1314,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access call history by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the call history and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1379,11 +1379,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access call history by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the call history and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1444,11 +1444,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the camera and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1522,11 +1522,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the camera and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1587,11 +1587,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the camera and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1652,11 +1652,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the camera and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the camera and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1717,11 +1717,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access contacts and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1795,11 +1795,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access contacts and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1860,11 +1860,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access contacts and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1925,11 +1925,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access contacts and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -1990,11 +1990,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access email and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access email and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2068,11 +2068,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access email and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access email and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2133,11 +2133,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access email and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access email and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2198,11 +2198,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access email and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access email and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2424,11 +2424,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2490,11 +2490,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2555,11 +2555,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2620,11 +2620,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to take screenshots of various windows or displays and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to take screenshots of various windows or displays and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2685,11 +2685,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to turn off the screenshot border and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2752,11 +2752,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to turn off the screenshot border and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2817,11 +2817,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to turn off the screenshot border and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -2882,11 +2882,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to turn off the screenshot border and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to turn off the screenshot border and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to turn off the screenshot border and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3157,11 +3157,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access location and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access location and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3235,11 +3235,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access location and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access location and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3300,11 +3300,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access location and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access location and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3365,11 +3365,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access location and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access location and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3430,11 +3430,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps cannot read or send messages and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps can't read or send messages and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3508,11 +3508,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps cannot read or send messages and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps can't read or send messages and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3573,11 +3573,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps cannot read or send messages and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps can't read or send messages and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3638,11 +3638,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps cannot read or send messages and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps can't read or send messages and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3703,11 +3703,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the microphone and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3781,11 +3781,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the microphone and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3846,11 +3846,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the microphone and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3911,11 +3911,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access the microphone and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -3976,11 +3976,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access motion data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4054,11 +4054,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access motion data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4119,11 +4119,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access motion data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4184,11 +4184,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access motion data and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4249,11 +4249,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access notifications and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4327,11 +4327,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access notifications and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4392,11 +4392,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access notifications and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4457,11 +4457,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access notifications and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4522,11 +4522,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to make phone calls and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4600,11 +4600,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to make phone calls and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4665,11 +4665,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to make phone calls and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4730,11 +4730,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to make phone calls and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to make phone calls and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4795,11 +4795,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps will not have access to control radios and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps won't have access to control radios and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4873,11 +4873,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps will not have access to control radios and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps won't have access to control radios and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -4938,11 +4938,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps will not have access to control radios and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps won't have access to control radios and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5003,11 +5003,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps will not have access to control radios and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps won't have access to control radios and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5068,11 +5068,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access tasks and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5135,11 +5135,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access tasks and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5200,11 +5200,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access tasks and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5265,11 +5265,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access tasks and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5330,11 +5330,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access trusted devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5408,11 +5408,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access trusted devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5473,11 +5473,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access trusted devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5538,11 +5538,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to access trusted devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5601,11 +5601,11 @@ This policy setting specifies whether Windows apps can be activated by voice. If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can be activated with a voice keyword by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to be activated with a voice keyword and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to be activated with a voice keyword and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to be activated with a voice keyword and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to be activated with a voice keyword and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can be activated with a voice keyword by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can be activated with a voice keyword by using Settings > Privacy on the device. This policy is applied to Windows apps and Cortana. @@ -5630,8 +5630,8 @@ This policy is applied to Windows apps and Cortana. | Value | Description | |:--|:--| | 0 (Default) | User in control. Users can decide if Windows apps can be activated by voice using Settings > Privacy options on the device. | -| 1 | Force allow. Windows apps can be activated by voice and users cannot change it. | -| 2 | Force deny. Windows apps cannot be activated by voice and users cannot change it. | +| 1 | Force allow. Windows apps can be activated by voice and users can't change it. | +| 2 | Force deny. Windows apps can't be activated by voice and users can't change it. | @@ -5675,11 +5675,11 @@ This policy setting specifies whether Windows apps can be activated by voice whi If you choose the "User is in control" option, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. -If you choose the "Force Allow" option, users can interact with applications using speech while the system is locked and employees in your organization cannot change it. +If you choose the "Force Allow" option, users can interact with applications using speech while the system is locked and employees in your organization can't change it. -If you choose the "Force Deny" option, users cannot interact with applications using speech while the system is locked and employees in your organization cannot change it. +If you choose the "Force Deny" option, users can't interact with applications using speech while the system is locked and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. This policy is applied to Windows apps and Cortana. It takes precedence of the "Allow Cortana above lock" policy. This policy is applicable only when "Allow voice activation" policy is configured to allow applications to be activated with voice. @@ -5704,8 +5704,8 @@ This policy is applied to Windows apps and Cortana. It takes precedence of the " | Value | Description | |:--|:--| | 0 (Default) | User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device. | -| 1 | Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it. | -| 2 | Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it. | +| 1 | Force allow. Windows apps can be activated by voice while the screen is locked, and users can't change it. | +| 2 | Force deny. Windows apps can't be activated by voice while the screen is locked, and users can't change it. | @@ -5751,11 +5751,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can get diagnostic information about other apps using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5829,11 +5829,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can get diagnostic information about other apps using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5894,11 +5894,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can get diagnostic information about other apps using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -5959,11 +5959,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can get diagnostic information about other apps using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to get diagnostic information about other apps and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to get diagnostic information about other apps and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6024,11 +6024,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to run in the background and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6104,11 +6104,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to run in the background and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6169,11 +6169,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to run in the background and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6234,11 +6234,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to run in the background and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to run in the background and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6299,11 +6299,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6377,11 +6377,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6442,11 +6442,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6507,11 +6507,11 @@ You can specify either a default setting for all apps or a per-app setting by sp If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. -If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Allow" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you choose the "Force Deny" option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. +If you choose the "Force Deny" option, Windows apps aren't allowed to communicate with unpaired wireless devices and employees in your organization can't change it. -If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. @@ -6569,7 +6569,7 @@ If an app is open when this Group Policy object is applied on a device, employee This policy setting determines whether User Activities can be published. - If you enable this policy setting, activities of type User Activity are allowed to be published. -- If you disable this policy setting, activities of type User Activity are not allowed to be published. +- If you disable this policy setting, activities of type User Activity aren't allowed to be published. Policy change takes effect immediately. @@ -6638,7 +6638,7 @@ For more information, see [Windows activity history and your privacy](https://su This policy setting determines whether published User Activities can be uploaded. - If you enable this policy setting, activities of type User Activity are allowed to be uploaded. -- If you disable this policy setting, activities of type User Activity are not allowed to be uploaded. +- If you disable this policy setting, activities of type User Activity aren't allowed to be uploaded. Deletion of activities of type User Activity are independent of this setting. Policy change takes effect immediately. diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index f461aaea70..91aca6c11a 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -45,11 +45,11 @@ The "Display warning message before sharing control" policy setting allows you t The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer. -- If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice. +- If you enable this policy setting, the warning message you specify overrides the default message that's seen by the novice. - If you disable this policy setting, the user sees the default warning message. -- If you do not configure this policy setting, the user sees the default warning message. +- If you don't configure this policy setting, the user sees the default warning message. @@ -108,9 +108,9 @@ This policy setting allows you to turn logging on or off. Log files are located - If you enable this policy setting, log files are generated. -- If you disable this policy setting, log files are not generated. +- If you disable this policy setting, log files aren't generated. -- If you do not configure this setting, application-based settings are used. +- If you don't configure this setting, application-based settings are used. @@ -169,15 +169,15 @@ This policy setting allows you to turn on or turn off Solicited (Ask for) Remote - If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings. -- If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer. +- If you disable this policy setting, users on this computer can't use email or file transfer to ask someone for help. Also, users can't use instant messaging programs to allow connections to this computer. -- If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings. +- If you don't configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings. - If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open. -The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported. +The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported. - If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. @@ -238,9 +238,9 @@ This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote - If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. -- If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. +- If you disable this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. -- If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. +- If you don't configure this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. - If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance. diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 239739fed5..a8fd231e77 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -43,9 +43,9 @@ This policy setting allows you to configure remote access to computers by using - If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. -- If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections. +- If you disable this policy setting, users can't connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but won't accept any new incoming connections. -- If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. +- If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed. > [!NOTE] > You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. @@ -104,17 +104,17 @@ You can limit the number of users who can connect simultaneously by configuring -Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. +Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption. - If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: -* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers. +* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that don't support this encryption level can't connect to RD Session Host servers. -* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption. +* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that don't support 128-bit encryption. * Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption. -- If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy. +- If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy. Important @@ -176,11 +176,11 @@ This policy setting specifies whether to prevent the mapping of client drives in By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format `` on ``. You can use this policy setting to override this behavior. -- If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows XP, Windows Server 2003, Windows Server 2012 (and later) or Windows 8 (and later). +- If you enable this policy setting, client drive redirection isn't allowed in Remote Desktop Services sessions, and Clipboard file copy redirection isn't allowed on computers running Windows XP, Windows Server 2003, Windows Server 2012 (and later) or Windows 8 (and later). - If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. -- If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. +- If you don't configure this policy setting, client drive redirection and Clipboard file copy redirection aren't specified at the Group Policy level. @@ -300,7 +300,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. - If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. -- If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session. +- If you disable or don't configure this policy setting, users can use local authenticators inside the Remote Desktop session. @@ -361,11 +361,11 @@ You can use this setting to enforce a password prompt for users logging on to Re By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client. -- If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on. +- If you enable this policy setting, users can't automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on. - If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client. -- If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. +- If you don't configure this policy setting, automatic logon isn't specified at the Group Policy level. @@ -424,9 +424,9 @@ Specifies whether a Remote Desktop Session Host server requires secure RPC commu You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. -If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients. +If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and doesn't allow unsecured communication with untrusted clients. -If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request. +If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that don't respond to the request. If the status is set to Not Configured, unsecured communication is allowed. diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 79e8cdf2e6..f4e0321dcb 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -43,7 +43,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text. -- If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication. +- If you disable or don't configure this policy setting, the WinRM client doesn't use Basic authentication. @@ -102,7 +102,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM service accepts Basic authentication from a remote client. -- If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client. +- If you disable or don't configure this policy setting, the WinRM service doesn't accept Basic authentication from a remote client. @@ -161,7 +161,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM client uses CredSSP authentication. -- If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication. +- If you disable or don't configure this policy setting, the WinRM client doesn't use CredSSP authentication. @@ -220,7 +220,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client. -- If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client. +- If you disable or don't configure this policy setting, the WinRM service doesn't accept CredSSP authentication from a remote client. @@ -281,11 +281,11 @@ This policy setting allows you to manage whether the Windows Remote Management ( To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP). -- If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured. +- If you disable or don't configure this policy setting, the WinRM service won't respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured. The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. -You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. +You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service doesn't listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. @@ -351,7 +351,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. -- If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network. +- If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network. @@ -410,7 +410,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. -- If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network. +- If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network. @@ -467,9 +467,9 @@ This policy setting allows you to manage whether the Windows Remote Management ( This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication. -- If you enable this policy setting, the WinRM client does not use Digest authentication. +- If you enable this policy setting, the WinRM client doesn't use Digest authentication. -- If you disable or do not configure this policy setting, the WinRM client uses Digest authentication. +- If you disable or don't configure this policy setting, the WinRM client uses Digest authentication. @@ -526,9 +526,9 @@ This policy setting allows you to manage whether the Windows Remote Management ( This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication. -- If you enable this policy setting, the WinRM client does not use Negotiate authentication. +- If you enable this policy setting, the WinRM client doesn't use Negotiate authentication. -- If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication. +- If you disable or don't configure this policy setting, the WinRM client uses Negotiate authentication. @@ -585,9 +585,9 @@ This policy setting allows you to manage whether the Windows Remote Management ( This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client. -- If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client. +- If you enable this policy setting, the WinRM service doesn't accept Negotiate authentication from a remote client. -- If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client. +- If you disable or don't configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client. @@ -642,11 +642,11 @@ This policy setting allows you to manage whether the Windows Remote Management ( -This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. +This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins. -- If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer. +- If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer. -- If you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely. +- If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely. If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset. @@ -707,13 +707,13 @@ This policy setting allows you to set the hardening level of the Windows Remote - If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token. -- If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer. +- If you disable or don't configure this policy setting, you can configure the hardening level locally on each computer. If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected. -If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks). +If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that doesn't contain a channel binding token is accepted (though it isn't protected from credential-forwarding attacks). -If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks). +If HardeningLevel is set to None, all requests are accepted (though they aren't protected from credential-forwarding attacks). @@ -772,7 +772,7 @@ This policy setting allows you to manage whether the Windows Remote Management ( - If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host. -- If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer. +- If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer. @@ -831,7 +831,7 @@ This policy setting turns on or turns off an HTTP listener created for backward - If you enable this policy setting, the HTTP listener always appears. -- If you disable or do not configure this policy setting, the HTTP listener never appears. +- If you disable or don't configure this policy setting, the HTTP listener never appears. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. @@ -894,7 +894,7 @@ This policy setting turns on or turns off an HTTPS listener created for backward - If you enable this policy setting, the HTTPS listener always appears. -- If you disable or do not configure this policy setting, the HTTPS listener never appears. +- If you disable or don't configure this policy setting, the HTTPS listener never appears. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 441e1e3670..80c58897c8 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -45,7 +45,7 @@ This policy setting impacts all RPC applications. In a domain environment this p - If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. -- If you do not configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. +- If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. - If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting. @@ -56,7 +56,7 @@ This policy setting impacts all RPC applications. In a domain environment this p - "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -110,16 +110,16 @@ This policy setting impacts all RPC applications. In a domain environment this p -This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. +This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. -- If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. +- If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. -- If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service. +- If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service. -- If you do not configure this policy setting, it remains disabled. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service. +- If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service. > [!NOTE] -> This policy will not be applied until the system is rebooted. +> This policy won't be applied until the system is rebooted. diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 47b67eaf8a..44a9a553c4 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -41,7 +41,7 @@ ms.topic: reference This policy setting configures access to remote shells. -If you enable or do not configure this policy setting, new remote shell connections are accepted by the server. +If you enable or don't configure this policy setting, new remote shell connections are accepted by the server. If you set this policy to 'disabled', new remote shell connections are rejected by the server. @@ -104,7 +104,7 @@ The value can be any number from 1 to 100. - If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit. -- If you disable or do not configure this policy setting, the default number is five users. +- If you disable or don't configure this policy setting, the default number is five users. @@ -158,13 +158,13 @@ The value can be any number from 1 to 100. -This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted. +This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it's automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values. - If you enable this policy setting, the server will wait for the specified amount of time since the last received message from the client before terminating the open shell. -- If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used. +- If you don't configure or disable this policy setting, the default value of 900000 or 15 min will be used. @@ -224,7 +224,7 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic - If you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota. -- If you disable or do not configure this policy setting, the value 150 is used by default. +- If you disable or don't configure this policy setting, the value 150 is used by default. @@ -282,7 +282,7 @@ This policy setting configures the maximum number of processes a remote shell is - If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes. -- If you disable or do not configure this policy setting, the limit is five processes per shell. +- If you disable or don't configure this policy setting, the limit's five processes per shell. @@ -340,9 +340,9 @@ This policy setting configures the maximum number of concurrent shells any user Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells. -- If you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit. +- If you enable this policy setting, the user can't open new remote shells if the count exceeds the specified limit. -- If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user. +- If you disable or don't configure this policy setting, by default the limit's set to two remote shells per user. diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 24a1da37ef..2cdf2bb1cc 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -42,7 +42,7 @@ ms.topic: reference -This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. +This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that isn't on the Members list is removed. Any user on the Members list who isn't currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that aren't specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. > [!CAUTION] > If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 6b860a78dc..20898c239f 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -124,7 +124,7 @@ Allow the cortana opt-in page during windows setup out of the box experience. | Value | Description | |:--|:--| -| 0 (Default) | Not allowed. The Cortana consent page will not appear in AAD OOBE during setup. | +| 0 (Default) | Not allowed. The Cortana consent page won't appear in AAD OOBE during setup. | | 1 | Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. | @@ -228,8 +228,8 @@ This policy controls whether the user can configure search to *Find My Files* mo This policy setting allows encrypted items to be indexed. - If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). -- If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. -- If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content. +- If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting isn't configured by default. +- If you don't configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. @@ -483,8 +483,8 @@ This policy has been deprecated. This policy setting allows words that contain diacritic characters to be treated as separate words. - If you enable this policy setting, words that only differ in diacritics are treated as different words. -- If you disable this policy setting, words with diacritics and words without diacritics are treated as identical words. This policy setting is not configured by default. -- If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. +- If you disable this policy setting, words with diacritics and words without diacritics are treated as identical words. This policy setting isn't configured by default. +- If you don't configure this policy setting, the local setting, configured through Control Panel, will be used. > [!NOTE] > By default, the Control Panel setting is set to treat words that differ only because of diacritics as the same word. @@ -596,7 +596,7 @@ Allow Windows indexer. Value type is integer. This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing history. - If you enable this policy setting, Windows will always use automatic language detection to index (as it did in Windows 7). Using automatic language detection can increase memory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. -- If you disable or do not configure this policy setting, Windows will use automatic language detection only when it can determine the language of a document with high confidence. +- If you disable or don't configure this policy setting, Windows will use automatic language detection only when it can determine the language of a document with high confidence. @@ -663,15 +663,15 @@ The most restrictive value is `0` to now allow automatic language detection. This policy setting allows you to configure search on the taskbar. -- If you enable this policy setting and set it to hide, search on taskbar will be hidden by default. Users cannot change it in Settings. +- If you enable this policy setting and set it to hide, search on taskbar will be hidden by default. Users can't change it in Settings. -- If you enable this policy setting and set it to search icon only, the search icon will be displayed on the taskbar by default. Users cannot change it in Settings. +- If you enable this policy setting and set it to search icon only, the search icon will be displayed on the taskbar by default. Users can't change it in Settings. -- If you enable this policy setting and set it to search icon and label, the search icon and label will be displayed on the taskbar by default. Users cannot change it in Settings. +- If you enable this policy setting and set it to search icon and label, the search icon and label will be displayed on the taskbar by default. Users can't change it in Settings. -- If you enable this policy setting and set it to search box, the search box will be displayed on the taskbar by default. Users cannot change it in Settings. +- If you enable this policy setting and set it to search box, the search box will be displayed on the taskbar by default. Users can't change it in Settings. -- If you disable or do not configure this policy setting, search on taskbar will be configured according to the defaults for your Windows edition. Users will be able to change search on taskbar in Settings. +- If you disable or don't configure this policy setting, search on taskbar will be configured according to the defaults for your Windows edition. Users will be able to change search on taskbar in Settings. @@ -801,9 +801,9 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c This policy setting configures whether or not locations on removable drives can be added to libraries. -- If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. +- If you enable this policy setting, locations on removable drives can't be added to libraries. In addition, locations on removable drives can't be indexed. -- If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. +- If you disable or don't configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. @@ -891,7 +891,7 @@ This policy setting configures whether or not locations on removable drives can | Value | Description | |:--|:--| -| 0 (Default) | Do not disable. | +| 0 (Default) | Don't disable. | | 1 | Disable. | @@ -934,7 +934,7 @@ This policy setting configures whether or not locations on removable drives can This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home. -- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights will not be shown in the search box and in search home. +- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. - If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. @@ -1063,7 +1063,7 @@ Enabling this policy prevents indexing from continuing after less than the speci -If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index. . +If enabled, clients will be unable to query this computer's index remotely. Thus, when they're browsing network shares that are stored on this computer, they won't search them using the index. If disabled, client search requests will use this computer's index. . diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index fc91e1eb56..e4f0dfb401 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -454,7 +454,7 @@ The following table shows what behavior is expected for the policy settings with |:--|:--| | 0 (Default) | Current) behavior. | | 1 | RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment. | -| 2 | NoRequireAuthentication: Admin Authentication is not required for components in RecoveryEnvironment. | +| 2 | NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment. | @@ -480,7 +480,7 @@ The following table shows what behavior is expected for the policy settings with -Allows enterprise to turn on internal storage encryption. Most restricted value is 1. Important. If encryption has been enabled, it cannot be turned off by using this policy. +Allows enterprise to turn on internal storage encryption. Most restricted value is 1. Important. If encryption has been enabled, it can't be turned off by using this policy. @@ -502,7 +502,7 @@ Allows enterprise to turn on internal storage encryption. Most restricted value | Value | Description | |:--|:--| -| 0 (Default) | Encryption is not required. | +| 0 (Default) | Encryption isn't required. | | 1 | Encryption is required. | diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index 4aed2782cb..9154d2d243 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -45,7 +45,7 @@ This policy setting enables process mitigation options on svchost.exe processes. This includes a policy requiring all binaries loaded in these processes to be signed by microsoft, as well as a policy disallowing dynamically-generated code. -- If you disable or do not configure this policy setting, these stricter security settings will not be applied. +- If you disable or don't configure this policy setting, these stricter security settings won't be applied. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 579400ce44..c4560c25f4 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -40,7 +40,7 @@ ms.topic: reference Allows the user to change Auto Play settings. > [!NOTE] -> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. +> Setting this policy to 0 (Not allowed) doesn't affect the autoplay dialog box that appears when a device is connected. @@ -290,7 +290,7 @@ Allows the user to change the language settings. Enables or disables the retrieval of online tips and help for the Settings app. -If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. +If disabled, Settings won't contact Microsoft content services to retrieve tips and help content. @@ -651,9 +651,9 @@ By default, the calendar is set according to the locale of the operating system, - If you enable this policy setting, users can show an additional calendar in either Simplified Chinese (Lunar) or Traditional Chinese (Lunar), regardless of the locale. -- If you disable this policy setting, users cannot show an additional calendar, regardless of the locale. +- If you disable this policy setting, users can't show an additional calendar, regardless of the locale. -- If you do not configure this policy setting, the calendar will be set according to the default logic. +- If you don't configure this policy setting, the calendar will be set according to the default logic. @@ -724,9 +724,9 @@ By default, the calendar is set according to the locale of the operating system, Specifies the list of pages to show or hide from the System Settings app. -This policy allows an administrator to block a given set of pages from the System Settings app. Blocked pages will not be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Direct navigation to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead. +This policy allows an administrator to block a given set of pages from the System Settings app. Blocked pages won't be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Direct navigation to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead. -This policy has two modes: it can either specify a list of settings pages to show or a list of pages to hide. To specify a list of pages to show, the policy string must begin with "showonly:" (without quotes), and to specify a list of pages to hide, it must begin with "hide:". If a page in a showonly list would normally be hidden for other reasons (such as a missing hardware device), this policy will not force that page to appear. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page is the published URI for that page, minus the "ms-settings:" protocol part. +This policy has two modes: it can either specify a list of settings pages to show or a list of pages to hide. To specify a list of pages to show, the policy string must begin with "showonly:" (without quotes), and to specify a list of pages to hide, it must begin with "hide:". If a page in a showonly list would normally be hidden for other reasons (such as a missing hardware device), this policy won't force that page to appear. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page is the published URI for that page, minus the "ms-settings:" protocol part. Example: to specify that only the About and Bluetooth pages should be shown (their respective URIs are ms-settings:about and ms-settings:bluetooth) and all other pages hidden: diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md index cd348c3428..af01fa3e6c 100644 --- a/windows/client-management/mdm/policy-csp-settingssync.md +++ b/windows/client-management/mdm/policy-csp-settingssync.md @@ -43,11 +43,11 @@ ms.topic: reference Prevent the "accessibility" group from syncing to and from this PC. This turns off and disables the "accessibility" group on the "Windows backup" settings page in PC settings. -If you enable this policy setting, the "accessibility", group will not be synced. +If you enable this policy setting, the "accessibility", group won't be synced. Use the option "Allow users to turn accessibility syncing on" so that syncing is turned off by default but not disabled. -If you do not set or disable this setting, syncing of the "accessibility" group is on by default and configurable by the user. +If you don't set or disable this setting, syncing of the "accessibility" group is on by default and configurable by the user. diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 5d3adfc05d..7cb8b3629e 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -116,7 +116,7 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. +This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. @@ -125,13 +125,13 @@ Some information is sent to Microsoft about files and programs run on PCs with t - Warn and prevent bypass - Warn -- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. +- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. -- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. +- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app. -- If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. +- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet. -- If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. +- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings. @@ -194,7 +194,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. +This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. @@ -203,13 +203,13 @@ Some information is sent to Microsoft about files and programs run on PCs with t - Warn and prevent bypass - Warn -- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. +- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. -- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. +- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app. -- If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. +- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet. -- If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. +- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings. @@ -231,7 +231,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t | Value | Description | |:--|:--| -| 0 (Default) | Do not prevent override. | +| 0 (Default) | Don't prevent override. | | 1 | Prevent override. | diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 3d078e6ef4..4b2f62cf0c 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -623,7 +623,7 @@ If you enable this policy, then invocations of context menus within the Start Me | Value | Description | |:--|:--| -| 0 (Default) | Do not disable. | +| 0 (Default) | Don't disable. | | 1 | Disable. | @@ -668,7 +668,7 @@ This policy setting removes Quick Settings from the bottom right area on the tas The quick settings area is located at the left of the clock in the taskbar and includes icons for current network and volume. -If this setting is enabled, Quick Settings is not displayed in the quick settings area. +If this setting is enabled, Quick Settings isn't displayed in the quick settings area. A reboot is required for this policy setting to take effect. @@ -829,7 +829,7 @@ If there's a policy configuration conflict, the latest configuration request is | Value | Description | |:--|:--| -| 0 (Default) | Do not force size of Start. | +| 0 (Default) | Don't force size of Start. | | 1 | Force non-fullscreen size of Start. | | 2 | Force a fullscreen size of Start. | @@ -964,7 +964,7 @@ Enabling this policy hides "Change account settings" from appearing in the user | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -998,7 +998,7 @@ Enabling this policy hides "Change account settings" from appearing in the user - If you enable this setting, the frequently used programs list is removed from the Start menu. -- If you disable this setting or do not configure it, the frequently used programs list remains on the simple Start menu. +- If you disable this setting or don't configure it, the frequently used programs list remains on the simple Start menu. @@ -1032,7 +1032,7 @@ To validate this policy, do the following steps: | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1098,7 +1098,7 @@ Enabling this policy hides "Hibernate" from appearing in the power button in the | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1148,7 +1148,7 @@ Enabling this policy hides "Lock" from appearing in the user tile in the start m | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1177,7 +1177,7 @@ Enabling this policy hides "Lock" from appearing in the user tile in the start m This policy allows you to remove the People Bar from the taskbar and disables the My People experience. -If you enable this policy the people icon will be removed from the taskbar, the corresponding settings toggle is removed from the taskbar settings page, and users will not be able to pin people to the taskbar. +If you enable this policy the people icon will be removed from the taskbar, the corresponding settings toggle is removed from the taskbar settings page, and users won't be able to pin people to the taskbar. @@ -1199,7 +1199,7 @@ If you enable this policy the people icon will be removed from the taskbar, the | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1265,7 +1265,7 @@ Enabling this policy hides the power button from appearing in the start menu. | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1333,7 +1333,7 @@ To validate this policy, do the following steps: | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1400,7 +1400,7 @@ To validate this policy, do the following steps: | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1594,7 +1594,7 @@ Enabling this policy hides "Restart/Update and restart" from appearing in the po | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1643,7 +1643,7 @@ Enabling this policy hides "Shut down/Update and shut down" from appearing in th | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1693,7 +1693,7 @@ Enabling this policy hides "Sign out" from appearing in the user tile in the sta | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1742,7 +1742,7 @@ Enabling this policy hides "Sleep" from appearing in the power button in the sta | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1791,7 +1791,7 @@ Enabling this policy hides "Switch account" from appearing in the user tile in t | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1912,7 +1912,7 @@ Enabling this policy hides the user tile from appearing in the start menu. | Value | Description | |:--|:--| -| 0 (Default) | Do not hide. | +| 0 (Default) | Don't hide. | | 1 | Hide. | @@ -1939,7 +1939,7 @@ Enabling this policy hides the user tile from appearing in the start menu. -This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. +This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset wouldn't exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. @@ -1997,8 +1997,8 @@ To validate this policy, do the following steps: This policy setting allows you to control pinning programs to the Taskbar. -- If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. -- If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. +- If you enable this policy setting, users can't change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users can't unpin these programs already pinned to the Taskbar, and they can't pin new programs to the Taskbar. +- If you disable or don't configure this policy setting, users can change the programs currently pinned to the Taskbar. @@ -2061,11 +2061,11 @@ To validate this policy, do the following steps: If you enable this policy setting, you can configure Start menu to show or hide the list of user's most used apps, regardless of user settings. -Selecting "Show" will force the "Most used" list to be shown, and user cannot change to hide it using the Settings app. +Selecting "Show" will force the "Most used" list to be shown, and user can't change to hide it using the Settings app. -Selecting "Hide" will force the "Most used" list to be hidden, and user cannot change to show it using the Settings app. +Selecting "Hide" will force the "Most used" list to be hidden, and user can't change to show it using the Settings app. -Selecting "Not Configured", or if you disable or do not configure this policy setting, all will allow users to turn on or off the display of "Most used" list using the Settings app. This is default behavior. +Selecting "Not Configured", or if you disable or don't configure this policy setting, all will allow users to turn on or off the display of "Most used" list using the Settings app. This is default behavior. Note configuring this policy to "Show" or "Hide" on supported versions of Windows 10 will supercede any policy setting of "Remove frequent programs list from the Start Menu" (which manages same part of Start menu but with fewer options). @@ -2089,7 +2089,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window | Value | Description | |:--|:--| -| 0 (Default) | Do not enforce visibility of list of most used apps in Start; user can control via Settings app (default behavior equivalent to not configuring this policy). | +| 0 (Default) | Don't enforce visibility of list of most used apps in Start; user can control via Settings app (default behavior equivalent to not configuring this policy). | | 1 | Force showing of list of most used apps in Start; corresponding toggle in Setting app is disabled. | | 2 | Force hiding of list of most used apps in Start; corresponding toggle in Setting app is disabled. | @@ -2205,9 +2205,9 @@ Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its configuration. The Start layout you specify must be stored in an XML file that was generated by the Export-StartLayout PowerShell cmdlet. To use this setting, you must first manually configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. -Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users cannot customize their Start screen while this setting is enabled. +Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\Layout.xml. If the specified file isn't available when the user logs on, the layout won't be changed. Users can't customize their Start screen while this setting is enabled. -If you disable this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it. +If you disable this setting or don't configure it, the Start screen layout won't be changed and users will be able to customize it. diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 1c5a0027b5..da0068fd9c 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -45,7 +45,7 @@ Enabled: Updates would be downloaded for the Disk Failure Prediction Failure Model. Disabled: -Updates would not be downloaded for the Disk Failure Prediction Failure Model. +Updates wouldn't be downloaded for the Disk Failure Prediction Failure Model. Not configured: Same as Enabled. @@ -70,7 +70,7 @@ Same as Enabled. | Value | Description | |:--|:--| -| 0 | Do not allow. | +| 0 | Don't allow. | | 1 (Default) | Allow. | @@ -114,10 +114,10 @@ Same as Enabled. Storage Sense can automatically clean some of the user's files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the "Configure Storage Sense cadence" group policy. Enabled: -Storage Sense is turned on for the machine, with the default cadence as 'during low free disk space'. Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the "Configure Storage Sense cadence" group policy). +Storage Sense is turned on for the machine, with the default cadence as 'during low free disk space'. Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the "Configure Storage Sense cadence" group policy). Disabled: -Storage Sense is turned off the machine. Users cannot enable Storage Sense. +Storage Sense is turned off the machine. Users can't enable Storage Sense. Not Configured: By default, Storage Sense is turned off until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings. @@ -183,15 +183,15 @@ By default, Storage Sense is turned off until the user runs into low disk space -When Storage Sense runs, it can delete the user's temporary files that are not in use. +When Storage Sense runs, it can delete the user's temporary files that aren't in use. -If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect. +If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: -Storage Sense will delete the user's temporary files that are not in use. Users cannot disable this setting in Storage settings. +Storage Sense will delete the user's temporary files that aren't in use. Users can't disable this setting in Storage settings. Disabled: -Storage Sense will not delete the user's temporary files. Users cannot enable this setting in Storage settings. +Storage Sense won't delete the user's temporary files. Users can't enable this setting in Storage settings. Not Configured: By default, Storage Sense will delete the user's temporary files. Users can configure this setting in Storage settings. @@ -259,14 +259,14 @@ By default, Storage Sense will delete the user's temporary files. Users can conf When Storage Sense runs, it can dehydrate cloud-backed content that hasn't been opened in a certain amount of days. -If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect. +If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: You must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0 - 365. -If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, or never dehydrating cloud-backed content. +If you set this value to zero, Storage Sense won't dehydrate any cloud-backed content. The default value is 0, or never dehydrating cloud-backed content. Disabled or Not Configured: -By default, Storage Sense will not dehydrate any cloud-backed content. Users can configure this setting in Storage settings. +By default, Storage Sense won't dehydrate any cloud-backed content. Users can configure this setting in Storage settings. @@ -322,14 +322,14 @@ By default, Storage Sense will not dehydrate any cloud-backed content. Users can When Storage Sense runs, it can delete files in the user's Downloads folder if they haven't been opened for more than a certain number of days. -If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect. +If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: You must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from Downloads folder. Supported values are: 0 - 365. -If you set this value to zero, Storage Sense will not delete files in the user's Downloads folder. The default is 0, or never deleting files in the Downloads folder. +If you set this value to zero, Storage Sense won't delete files in the user's Downloads folder. The default is 0, or never deleting files in the Downloads folder. Disabled or Not Configured: -By default, Storage Sense will not delete files in the user's Downloads folder. Users can configure this setting in Storage settings. +By default, Storage Sense won't delete files in the user's Downloads folder. Users can configure this setting in Storage settings. @@ -385,7 +385,7 @@ By default, Storage Sense will not delete files in the user's Downloads folder. Storage Sense can automatically clean some of the user's files to free up disk space. -If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect. +If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: You must provide the desired Storage Sense cadence. Supported options are: daily, weekly, monthly, and during low free disk space. The default is 0 (during low free disk space). @@ -452,13 +452,13 @@ Use the following integer values for the supported options: -When Storage Sense runs, it can delete files in the user's Recycle Bin if they have been there for over a certain amount of days. +When Storage Sense runs, it can delete files in the user's Recycle Bin if they've been there for over a certain amount of days. -If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect. +If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: You must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0 - 365. -If you set this value to zero, Storage Sense will not delete files in the user's Recycle Bin. The default is 30 days. +If you set this value to zero, Storage Sense won't delete files in the user's Recycle Bin. The default is 30 days. Disabled or Not Configured: By default, Storage Sense will delete files in the user's Recycle Bin that have been there for over 30 days. Users can configure this setting in Storage settings. @@ -517,9 +517,9 @@ By default, Storage Sense will delete files in the user's Recycle Bin that have This policy setting configures whether or not Windows will activate an Enhanced Storage device. -- If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices. +- If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices. -- If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. +- If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices. @@ -578,7 +578,7 @@ This policy setting denies write access to removable disks. - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!NOTE] > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." @@ -647,7 +647,7 @@ This policy setting denies read access to removable disks, which may include med - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -717,7 +717,7 @@ This policy setting denies read access to removable disks, which may include med - If you enable this policy setting, read access is denied to this removable storage class. -- If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -787,7 +787,7 @@ This policy setting denies write access to removable disks, which may include me - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -857,7 +857,7 @@ This policy setting denies write access to removable disks, which may include me - If you enable this policy setting, write access is denied to this removable storage class. -- If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +- If you disable or don't configure this policy setting, write access is allowed to this removable storage class. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index b0fa9f686b..fe0d8004e6 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -43,7 +43,7 @@ ms.topic: reference This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program. -- If you enable or do not configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings. +- If you enable or don't configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings. - If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app. @@ -117,8 +117,8 @@ To enable this behavior: 1. Enable this policy setting 2. Join an Azure Active Directory account to the device -Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting does not change the Windows diagnostic data collection level set for the device -If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing". +Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device +If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing". See the documentation at for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data. @@ -196,7 +196,7 @@ To enable this behavior: 4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. -This setting has no effect on devices unless they are properly enrolled in Desktop Analytics. If you disable this policy setting, devices will not appear in Desktop Analytics. +This setting has no effect on devices unless they're properly enrolled in Desktop Analytics. If you disable this policy setting, devices won't appear in Desktop Analytics. @@ -262,7 +262,7 @@ This setting has no effect on devices unless they are properly enrolled in Deskt This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. -If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data. +If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data. @@ -375,7 +375,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri > [!NOTE] -> This policy is not supported in Windows 10, version 1607. This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. Most restricted value is 0. +> This policy isn't supported in Windows 10, version 1607. This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. Most restricted value is 0. @@ -429,9 +429,9 @@ This policy setting determines whether Windows is allowed to download fonts and - If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. -- If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. +- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts. -- If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +- If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -522,9 +522,9 @@ Specifies whether to allow app access to the Location service. Most restricted v | Value | Description | |:--|:--| -| 0 | Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. | +| 0 | Force Location Off. All Location Privacy settings are toggled off and grayed out. Users can't change the settings, and no apps are allowed access to the Location service, including Cortana and Search. | | 1 (Default) | Location service is allowed. The user has control and can change Location Privacy settings on or off. | -| 2 | Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed. | +| 2 | Force Location On. All Location Privacy settings are toggled on and grayed out. Users can't change the settings and all consent permissions will be automatically suppressed. | @@ -568,7 +568,7 @@ This policy is deprecated and will only work on Windows 10 version 1809. Setting This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See for more information. hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. -This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop. +This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop. @@ -641,7 +641,7 @@ Controls whether the user is allowed to use the storage card for device storage. | Value | Description | |:--|:--| -| 0 | SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card. | +| 0 | SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. | | 1 (Default) | Allow a storage card. | @@ -672,13 +672,13 @@ Controls whether the user is allowed to use the storage card for device storage. -By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and does not apply to any additional apps installed by your organization. +By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and doesn't apply to any additional apps installed by your organization. - Diagnostic data off (not recommended). Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions. - Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the "Optional diagnostic data" control in the Settings app. - Send optional diagnostic data. Additional diagnostic data is collected that helps us to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the "Limit Dump Collection" and the "Limit Diagnostic Log Collection" policies for more granular control of what optional diagnostic data is sent. -If you disable or do not configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app. +If you disable or don't configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app. Note: The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings. @@ -703,7 +703,7 @@ The "Configure diagnostic data opt-in settings user interface" group policy can | Value | Description | |:--|:--| -| 0 | Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1. | +| 0 | Security. Information that's required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1. | | 1 (Default) | Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. | | 3 | Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels. | @@ -754,7 +754,7 @@ To enable this behavior: 4. Set the Configure the Commercial ID setting for your Update Compliance workspace When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. -If you disable or do not configure this policy setting, devices will not appear in Update Compliance. +If you disable or don't configure this policy setting, devices won't appear in Update Compliance. @@ -876,7 +876,7 @@ To enable this behavior: 3. Set Allow Telemetry to value 1 - Required, or higher When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. -If you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features. +If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features. @@ -942,16 +942,16 @@ If you disable or do not configure this policy setting, devices enrolled to the This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: - - Good: The driver has been signed and has not been tampered with. - - Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized. - - Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver. - - Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver. + - Good: The driver has been signed and hasn't been tampered with. + - Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized. + - Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver. + - Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver. - If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started. -- If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. +- If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. -If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. +If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. @@ -1064,7 +1064,7 @@ The value for this setting will be provided by Microsoft as part of the onboardi This policy setting controls whether notifications are shown, following a change to diagnostic data opt-in settings, on first logon and when the changes occur in settings. -If you set this policy setting to "Disable diagnostic data change notifications", diagnostic data opt-in change notifications will not appear. +If you set this policy setting to "Disable diagnostic data change notifications", diagnostic data opt-in change notifications won't appear. If you set this policy setting to "Enable diagnostic data change notifications" or don't configure this policy setting, diagnostic data opt-in change notifications appear at first logon and when the changes occur in Settings. @@ -1135,7 +1135,7 @@ If you set this policy setting to "Disable diagnostic data opt-in settings", dia If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app. Note: -To set a limit on the amount of diagnostic data that is sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting. +To set a limit on the amount of diagnostic data that's sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting. @@ -1265,7 +1265,7 @@ This policy setting controls whether the Delete diagnostic data button is enable This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & feedback Settings page. -- If you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. +- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. - If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. @@ -1387,7 +1387,7 @@ This group policy allows control over whether the DirectX Database Updater task -This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. +This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. @@ -1459,7 +1459,7 @@ This policy setting lets you prevent apps and features from working with files o * OneDrive files aren't kept in sync with the cloud. * Users can't automatically upload photos and videos from the camera roll folder. -- If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. +- If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage. @@ -1524,7 +1524,7 @@ This policy setting lets you prevent apps and features from working with files o This policy setting controls whether Windows attempts to connect with the OneSettings service. -- If you enable this policy, Windows will not attempt to connect with the OneSettings Service. +- If you enable this policy, Windows won't attempt to connect with the OneSettings Service. - If you disable or don't configure this policy setting, Windows will periodically attempt to connect with the OneSettings service to download configuration settings. @@ -1594,9 +1594,9 @@ This policy setting allows you to turn off System Restore. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume. -- If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. +- If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. -- If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection. +- If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection. Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. @@ -1657,7 +1657,7 @@ This policy setting controls whether Windows records attempts to connect with th - If you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\Windows\Privacy-Auditing\Operational EventLog channel. -- If you disable or don't configure this policy setting, Windows will not record attempts to connect with the OneSettings service to the EventLog. +- If you disable or don't configure this policy setting, Windows won't record attempts to connect with the OneSettings service to the EventLog. @@ -1719,7 +1719,7 @@ This policy setting controls whether Windows records attempts to connect with th -Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally. +Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally. @@ -1741,7 +1741,7 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a | Value | Description | |:--|:--| -| 0 (Default) | False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. | +| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. | | 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. | @@ -1768,11 +1768,11 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a -This policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version. +This policy controls messages which are shown when Windows is running on a device that doesn't meet the minimum system requirements for this OS version. - If you enable this policy setting, these messages will never appear on desktop or in the Settings app. -- If you disable or do not configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that does not meet the minimum system requirements for this OS version. +- If you disable or don't configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that doesn't meet the minimum system requirements for this OS version. @@ -1837,9 +1837,9 @@ This policy controls messages which are shown when Windows is running on a devic This policy setting controls whether additional diagnostic logs are collected when more information is needed to troubleshoot a problem on the device. Diagnostic logs are only sent when the device has been configured to send optional diagnostic data. -By enabling this policy setting, diagnostic logs will not be collected. +By enabling this policy setting, diagnostic logs won't be collected. -If you disable or do not configure this policy setting, we may occasionally collect diagnostic logs if the device has been configured to send optional diagnostic data. +If you disable or don't configure this policy setting, we may occasionally collect diagnostic logs if the device has been configured to send optional diagnostic data. @@ -1905,7 +1905,7 @@ This policy setting limits the type of dumps that can be collected when more inf By enabling this setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps. -If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. +If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. @@ -1979,7 +1979,7 @@ To enable the behavior described above, complete the following steps: When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at< https://go.microsoft.com/fwlink/?linkid=2116020>. -If you disable or do not configure this policy setting, diagnostic data collection is determined by the "Allow Diagnostic Data" policy setting or by the end user from the Settings app. +If you disable or don't configure this policy setting, diagnostic data collection is determined by the "Allow Diagnostic Data" policy setting or by the end user from the Settings app. @@ -2043,7 +2043,7 @@ If you disable or do not configure this policy setting, diagnostic data collecti With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server. -If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or do not configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration. +If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or don't configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration. The format for this setting is ``:`` @@ -2100,9 +2100,9 @@ The format for this setting is ``:`` This policy setting allows you to turn off File History. -- If you enable this policy setting, File History cannot be activated to create regular, automatic backups. +- If you enable this policy setting, File History can't be activated to create regular, automatic backups. -- If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. +- If you disable or don't configure this policy setting, File History can be activated to create regular, automatic backups. diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index 8b1720e1fa..0015fd1d3c 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -48,7 +48,7 @@ When you enable this setting, compliant applications will be prevented from acce -Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information. +Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information. For details about setting up WDAC with tenant restrictions, see diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index dbd01ced03..8cf24f2de2 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -37,7 +37,7 @@ ms.topic: reference -Placeholder only. Do not use in production environment. +Placeholder only. Don't use in production environment. @@ -135,7 +135,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi -Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. Most restricted value is 0. In Windows 10, version 1803, we introduced new suggestion services in Japanese IME in addition to cloud suggestion. When AllowIMENetworkAccess is set to 1, all suggestion services are available as predictive input. +Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. Most restricted value is 0. In Windows 10, version 1803, we introduced new suggestion services in Japanese IME in addition to cloud suggestion. When AllowIMENetworkAccess is set to 1, all suggestion services are available as predictive input. @@ -609,7 +609,7 @@ This policy setting controls the ability to send inking and typing data to Micro -Allows the user to turn on or off the automatic downloading of newer versions of the Expressive Input UI. When downloading is not allowed the Expressive Input panel will always display the initial UI included with the base Windows image. Most restricted value is 0. The following list shows the supported values: 0 - Not allowed. 1 (default) - Allowed. +Allows the user to turn on or off the automatic downloading of newer versions of the Expressive Input UI. When downloading isn't allowed the Expressive Input panel will always display the initial UI included with the base Windows image. Most restricted value is 0. The following list shows the supported values: 0 - Not allowed. 1 (default) - Allowed. @@ -662,14 +662,14 @@ This policy setting controls the version of Microsoft IME. - If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. -- If you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected. +- If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. This Policy setting applies only to Microsoft Japanese IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -737,14 +737,14 @@ This policy setting controls the version of Microsoft IME. - If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. -- If you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected. +- If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. This Policy setting applies only to Microsoft Korean IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -803,14 +803,14 @@ This policy setting controls the version of Microsoft IME. - If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. -- If you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected. +- If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. This Policy setting applies only to Microsoft Simplified Chinese IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. @@ -878,14 +878,14 @@ This policy setting controls the version of Microsoft IME. - If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. -- If you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected. +- If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. This Policy setting applies only to Microsoft Traditional Chinese IME. > [!NOTE] -> Changes to this setting will not take effect until the user logs off. +> Changes to this setting won't take effect until the user logs off. diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 57634c16d2..1243feb131 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -89,11 +89,11 @@ This policy is deprecated. -This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not used by any users on that machine. +This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but aren't used by any users on that machine. -- If you enable this policy setting, language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system. +- If you enable this policy setting, language packs that are installed as part of the system image will remain installed even if they aren't used by any user on that system. -- If you disable or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task. +- If you disable or don't configure this policy setting, language packs that are installed as part of the system image but aren't used by any user on that system will be removed as part of a scheduled clean up task. @@ -199,9 +199,9 @@ Specifies the time zone to be applied to the device. This is the standard Window This policy setting controls which UI language is used for computers with more than one UI language installed. -- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator. +- If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language isn't installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator. -- If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs. +- If you disable or don't configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs. diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 4d38c6e260..5d793747db 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -42,11 +42,11 @@ This policy setting configures how troubleshooting for known problems can be app Not configuring this policy setting will allow the user to configure how troubleshooting is applied. Enabling this policy allows you to configure how troubleshooting is applied on the user's device. You can select from one of the following values: -0 = Do not allow users, system features, or Microsoft to apply troubleshooting. +0 = Don't allow users, system features, or Microsoft to apply troubleshooting. 1 = Only automatically apply troubleshooting for critical problems by system features and Microsoft. 2 = Automatically apply troubleshooting for critical problems by system features and Microsoft. Notify users when troubleshooting for other problems is available and allow users to choose to apply or ignore. 3 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Notify users when troubleshooting has solved a problem. -4 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. +4 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Don't notify users when troubleshooting has solved a problem. 5 = Allow the user to choose their own troubleshooting settings. After setting this policy, you can use the following instructions to check devices in your domain for available troubleshooting from Microsoft: @@ -83,11 +83,11 @@ schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanne | Value | Description | |:--|:--| -| 0 | Off - Do not allow users, system features, or Microsoft to apply troubleshooting. | -| 1 (Default) | Critical - Automatically apply troubleshooting for critical problems detected by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. | +| 0 | Off - Don't allow users, system features, or Microsoft to apply troubleshooting. | +| 1 (Default) | Critical - Automatically apply troubleshooting for critical problems detected by system features and Microsoft. Don't notify users when troubleshooting has solved a problem. | | 2 | Prompt - Automatically apply troubleshooting for critical problems detected by system features and Microsoft. Prompt users when troubleshooting for other problems is available and allow the user to choose to apply or ignore. | | 3 | Notify - Automatically apply troubleshooting for critical and other problems detected by system features and Microsoft. Notify users when troubleshooting has solved a problem. | -| 4 | Silent - Automatically apply troubleshooting for critical and other problems detected by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. | +| 4 | Silent - Automatically apply troubleshooting for critical and other problems detected by system features and Microsoft. Don't notify users when troubleshooting has solved a problem. | | 5 | Configurable - Allow the user to choose their own troubleshooting settings. | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 1b64f21d76..022286e154 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -123,7 +123,7 @@ Update CSP policies are listed below based on the group policy area: -When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. +When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. @@ -182,7 +182,7 @@ When enabled, devices will not automatically restart outside of active hours unt -When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. +When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. @@ -266,7 +266,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b | Value | Description | |:--|:--| | 0 | Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. | -| 1 (Default) | Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the 'Trusted Publishers' certificate store of the local computer. | +| 1 (Default) | Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate found in the 'Trusted Publishers' certificate store of the local computer. | @@ -298,7 +298,7 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w - If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. -- If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. +- If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. @@ -460,7 +460,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you |:--|:--| | Name | DeferFeatureUpdates | | Friendly Name | Select when Preview Builds and Feature Updates are received | -| Element Name | How many days after a Feature Update is released would you like to defer the update before it is offered to the device? | +| Element Name | How many days after a Feature Update is released would you like to defer the update before it's offered to the device? | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -498,7 +498,7 @@ To prevent quality updates from being received on their scheduled time, you can To resume receiving Quality Updates which are paused, clear the start date field. -If you disable or do not configure this policy, Windows Update will not alter its behavior. +If you disable or don't configure this policy, Windows Update won't alter its behavior. @@ -586,7 +586,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this | Value | Description | |:--|:--| | 0 (Default) | Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. | -| 1 | Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. | +| 1 | Safeguards aren't enabled and upgrades will be deployed without blocking on safeguards. | @@ -614,7 +614,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this Enable this policy to not include drivers with Windows quality updates. -If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification. +If you disable or don't configure this policy, Windows Update will include updates that have a Driver classification. @@ -680,7 +680,7 @@ If you disable or do not configure this policy, Windows Update will include upda Enable this policy to manage which updates you receive prior to the update being released to the world. Dev Channel -Ideal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that is earliest in a development cycle. These builds are not matched to a specific Windows 10 release. +Ideal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that's earliest in a development cycle. These builds aren't matched to a specific Windows 10 release. Beta Channel Ideal for feature explorers who want to see upcoming Windows 10 features. Your feedback will be especially important here as it will help our engineers ensure key issues are fixed before a major release. @@ -694,7 +694,7 @@ Ideal for those who want to validate the features and fixes coming soon to their > [!NOTE] > Preview Build enrollment requires a telemetry level setting of 2 or higher and your domain registered on insider.windows.com. For additional information on Preview Builds, see: -If you disable or do not configure this policy, Windows Update will not offer you any pre-release updates and you will receive such content once released to the world. Disabling this policy will cause any devices currently on a pre-release build to opt out and stay on the latest Feature Update once released. +If you disable or don't configure this policy, Windows Update won't offer you any pre-release updates and you will receive such content once released to the world. Disabling this policy will cause any devices currently on a pre-release build to opt out and stay on the latest Feature Update once released. @@ -786,7 +786,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | Value | Description | |:--|:--| -| 0 (Default) | Feature Updates are not paused. | +| 0 (Default) | Feature Updates aren't paused. | | 1 | Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. | @@ -887,7 +887,7 @@ To prevent quality updates from being received on their scheduled time, you can To resume receiving Quality Updates which are paused, clear the start date field. -If you disable or do not configure this policy, Windows Update will not alter its behavior. +If you disable or don't configure this policy, Windows Update won't alter its behavior. @@ -911,7 +911,7 @@ If you disable or do not configure this policy, Windows Update will not alter it | Value | Description | |:--|:--| -| 0 (Default) | Quality Updates are not paused. | +| 0 (Default) | Quality Updates aren't paused. | | 1 | Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. | @@ -1216,7 +1216,7 @@ If the status is set to Disabled or Not Configured, Windows will check for avail > If the "Configure Automatic Updates" policy is disabled, this policy has no effect. > [!NOTE] -> This policy is not supported on %WINDOWS_ARM_VERSION_6_2%. Setting this policy will not have any effect on %WINDOWS_ARM_VERSION_6_2% PCs. +> This policy isn't supported on %WINDOWS_ARM_VERSION_6_2%. Setting this policy won't have any effect on %WINDOWS_ARM_VERSION_6_2% PCs. @@ -1309,7 +1309,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is |:--|:--| | Name | CorpWuURL | | Friendly Name | Specify intranet Microsoft update service location | -| Element Name | Do not enforce TLS certificate pinning for Windows Update client for detecting updates. | +| Element Name | Don't enforce TLS certificate pinning for Windows Update client for detecting updates. | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Server Update Service | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | @@ -1339,10 +1339,10 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is -Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). +Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] -> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server. +> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server. @@ -1749,7 +1749,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom -Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. +Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that can't connect to the Internet. @@ -1824,10 +1824,10 @@ The following list shows the supported values: -Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. Value type is string and the default value is an empty string, . If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. +Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. Value type is string and the default value is an empty string, . If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. > [!NOTE] -> If the Configure Automatic Updates Group Policy is disabled, then this policy has no effect. If the Alternate Download Server Group Policy is not set, it will use the WSUS server by default to download updates. This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. +> If the Configure Automatic Updates Group Policy is disabled, then this policy has no effect. If the Alternate Download Server Group Policy isn't set, it will use the WSUS server by default to download updates. This policy isn't supported on Windows RT. Setting this policy won't have any effect on Windows RT PCs. @@ -1883,15 +1883,15 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo -- If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. +- If you enable this policy, the PC won't automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. Note that the PC must restart for certain updates to take effect. -- If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. +- If you disable or don't configure this policy and have no other reboot group policies, the user selected active hours will be in effect. If any of the following two policies are enabled, this policy has no effect: -1. No auto-restart with logged on users for scheduled automatic updates installations. +1. No auto-restart with logged-on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -1953,7 +1953,7 @@ Enable this policy to specify the maximum number of hours from the start time th The max active hours range can be set between 8 and 18 hours. -If you disable or do not configure this policy, the default max active hours range will be used. +If you disable or don't configure this policy, the default max active hours range will be used. @@ -2009,15 +2009,15 @@ If you disable or do not configure this policy, the default max active hours ran -- If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. +- If you enable this policy, the PC won't automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. Note that the PC must restart for certain updates to take effect. -- If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. +- If you disable or don't configure this policy and have no other reboot group policies, the user selected active hours will be in effect. If any of the following two policies are enabled, this policy has no effect: -1. No auto-restart with logged on users for scheduled automatic updates installations. +1. No auto-restart with logged-on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -2078,7 +2078,7 @@ Note that the default max active hours range is 18 hours from the active hours s Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -2086,9 +2086,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -2096,11 +2096,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -2108,7 +2108,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -2131,10 +2131,10 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Value | Description | |:--|:--| | 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. | -| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. | -| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. | +| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart. | +| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart. | | 3 | Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. | -| 4 | Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. | +| 4 | Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only. | | 5 | Turn off automatic updates. | @@ -2244,7 +2244,7 @@ This policy is accessible through the Update setting in the user interface or Gr Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -2252,9 +2252,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -2262,11 +2262,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -2274,7 +2274,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -2639,7 +2639,7 @@ Minimum number of days from update installation until restarts occur automatical -When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured. +When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured. @@ -2819,7 +2819,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -2827,9 +2827,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -2837,11 +2837,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -2849,7 +2849,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -2923,7 +2923,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -2931,9 +2931,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -2941,11 +2941,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -2953,7 +2953,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3021,7 +3021,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -3029,9 +3029,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -3039,11 +3039,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -3051,7 +3051,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3128,7 +3128,7 @@ These policies are not exclusive and can be used in any combination. Together wi Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -3136,9 +3136,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -3146,11 +3146,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -3158,7 +3158,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3235,7 +3235,7 @@ These policies are not exclusive and can be used in any combination. Together wi Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -3243,9 +3243,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -3253,11 +3253,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -3265,7 +3265,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3342,7 +3342,7 @@ These policies are not exclusive and can be used in any combination. Together wi Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -3350,9 +3350,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -3360,11 +3360,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -3372,7 +3372,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3449,7 +3449,7 @@ These policies are not exclusive and can be used in any combination. Together wi Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. > [!NOTE] -> This policy does not apply to %WINDOWS_ARM_VERSION_6_2%. +> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: @@ -3457,9 +3457,9 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they are ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed -Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them. +Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates and install them on the schedule specified below. @@ -3467,11 +3467,11 @@ When "Automatic" is selected as the scheduled install time, Windows will automat Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. +On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions) +5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. 7 = Notify for install and notify for restart. (Windows Server only) @@ -3479,7 +3479,7 @@ With this option from Windows Server 2016, applicable only to Server SKU devices If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. -If the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. +If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. @@ -3819,11 +3819,11 @@ Specify the deadline before the PC will automatically restart to apply updates. The restart may happen inside active hours. -If you disable or do not configure this policy, the PC will restart according to the default schedule. +If you disable or don't configure this policy, the PC will restart according to the default schedule. Enabling either of the following two policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations. +1. No auto-restart with logged-on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. @@ -3883,11 +3883,11 @@ Specify the deadline before the PC will automatically restart to apply updates. The restart may happen inside active hours. -If you disable or do not configure this policy, the PC will restart according to the default schedule. +If you disable or don't configure this policy, the PC will restart according to the default schedule. Enabling either of the following two policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations. +1. No auto-restart with logged-on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. @@ -3947,7 +3947,7 @@ Enable this policy to specify when auto-restart reminders are displayed. You can specify the amount of time prior to a scheduled restart to notify the user. -If you disable or do not configure this policy, the default period will be used. +If you disable or don't configure this policy, the default period will be used. @@ -4017,7 +4017,7 @@ Enable this policy to specify the method by which the auto-restart required noti The method can be set to require user action to dismiss the notification. -If you disable or do not configure this policy, the default method will be used. +If you disable or don't configure this policy, the default method will be used. @@ -4254,7 +4254,7 @@ If this policy is disabled or not configured, then the Windows Update client may | Value | Description | |:--|:--| | 0 (Default) | Allow scan against Windows Update. | -| 1 | Do not allow update deferral policies to cause scans against Windows Update. | +| 1 | Don't allow update deferral policies to cause scans against Windows Update. | @@ -4300,13 +4300,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4370,13 +4370,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4440,13 +4440,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4510,13 +4510,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4580,13 +4580,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4650,13 +4650,13 @@ You can specify the number of days a user can snooze Engaged restart reminder no You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. -If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. +If you don't specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. -If you disable or do not configure this policy, the PC will restart following the default schedule. +If you disable or don't configure this policy, the PC will restart following the default schedule. Enabling any of the following policies will override the above policy: -1. No auto-restart with logged on users for scheduled automatic updates installations +1. No auto-restart with logged-on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation. @@ -4747,7 +4747,7 @@ To validate this policy: | Value | Description | |:--|:--| -| 0 (Default) | Do not ignore MO download limit for apps and their updates. | +| 0 (Default) | Don't ignore MO download limit for apps and their updates. | | 1 | Ignore MO download limit (allow unlimited downloading) for apps and their updates. | @@ -4807,7 +4807,7 @@ To validate this policy: | Value | Description | |:--|:--| -| 0 (Default) | Do not ignore MO download limit for OS updates. | +| 0 (Default) | Don't ignore MO download limit for OS updates. | | 1 | Ignore MO download limit (allow unlimited downloading) for OS updates. | @@ -4858,7 +4858,7 @@ To validate this policy: | Value | Description | |:--|:--| -| 0 (Default) | Deferrals are not paused. | +| 0 (Default) | Deferrals aren't paused. | | 1 | Deferrals are paused. | @@ -5048,13 +5048,13 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. -Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. +Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users aren't able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. Specifies the amount of time prior to a scheduled restart to display the warning reminder to the user. You can specify the amount of time prior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work. -If you disable or do not configure this policy, the default notification behaviors will be used. +If you disable or don't configure this policy, the default notification behaviors will be used. @@ -5118,13 +5118,13 @@ If you disable or do not configure this policy, the default notification behavio -Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. +Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users aren't able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. Specifies the amount of time prior to a scheduled restart to display the warning reminder to the user. You can specify the amount of time prior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work. -If you disable or do not configure this policy, the default notification behaviors will be used. +If you disable or don't configure this policy, the default notification behaviors will be used. @@ -5194,7 +5194,7 @@ This policy setting allows you to control whether users receive notifications fo Enable this policy to turn off all auto restart notifications. -If you disable or do not configure this policy, the default notification behaviors will be unchanged. +If you disable or don't configure this policy, the default notification behaviors will be unchanged. diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index c6f35c8564..72571499bb 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -123,7 +123,7 @@ For example, the following syntax grants user rights to a specific user or group -This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. +This user right is used by Credential Manager during Backup/Restore. No accounts should've this privilege, as it's only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. @@ -172,7 +172,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts -This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. +This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services aren't affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. @@ -377,7 +377,7 @@ This user right determines which users can bypass file, directory, registry, and -This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. +This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege doesn't allow the user to list the contents of a directory, only to traverse directories. @@ -484,7 +484,7 @@ This user right determines which users and groups can change the time and date o -This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. +This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and isn't affected by a change in the time zone. @@ -533,7 +533,7 @@ This user right determines which users and groups can change the time zone used -This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. +This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. > [!CAUTION] > Assigning this user right can be a security risk. Assign this user right only to trusted users. @@ -585,7 +585,7 @@ This security setting determines whether users can create global objects that ar -This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. +This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually doesn't need to be assigned to any users. @@ -634,7 +634,7 @@ This user right determines which users and groups can call an internal applicati -This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. +This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it isn't necessary to specifically assign it. @@ -683,7 +683,7 @@ This user right determines which accounts can be used by processes to create a d -This user right determines if the user can create a symbolic link from the computer he is logged on to. +This user right determines if the user can create a symbolic link from the computer he is logged-on to. > [!CAUTION] > This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. @@ -738,10 +738,10 @@ This user right determines if the user can create a symbolic link from the compu -This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. +This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System. > [!CAUTION] -> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. +> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system. @@ -790,7 +790,7 @@ This user right determines which accounts can be used by processes to create a t -This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. +This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. > [!CAUTION] > Assigning this user right can be a security risk. Only assign this user right to trusted users. @@ -894,7 +894,7 @@ This user right determines which users are prevented from accessing a computer o This security setting determines which service accounts are prevented from registering a process as a service. > [!NOTE] -> This security setting does not apply to the System, Local Service, or Network Service accounts. +> This security setting doesn't apply to the System, Local Service, or Network Service accounts. @@ -996,7 +996,7 @@ This security setting determines which accounts are prevented from being able to Deny log on as a service -This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies. > [!NOTE] -> This security setting does not apply to the System, Local Service, or Network Service accounts. Default: None. +> This security setting doesn't apply to the System, Local Service, or Network Service accounts. Default: None. @@ -1094,7 +1094,7 @@ This user right determines which users and groups are prohibited from logging on -This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. +This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that's granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that's trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set. > [!CAUTION] > Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. @@ -1195,13 +1195,13 @@ This user right determines which accounts can be used by a process to add entrie -Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. +Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they've created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. > [!CAUTION] > Assigning this user right can be a security risk. Only assign this user right to trusted users. > [!NOTE] -> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 1) The access token that is being impersonated is for this user. 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials. 3) The requested level is less than Impersonate, such as Anonymous or Identify. Because of these factors, users do not usually need this user right. +> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they're started. In addition, a user can also impersonate an access token if any of the following conditions exist. 1) The access token that's being impersonated is for this user. 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials. 3) The requested level is less than Impersonate, such as Anonymous or Identify. Because of these factors, users don't usually need this user right. > [!WARNING] > If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. @@ -1359,10 +1359,10 @@ This user right determines which accounts can use a process with Write Property -This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. +This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users. > [!CAUTION] -> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. +> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system. @@ -1460,7 +1460,7 @@ This user right determines which accounts can use a process to keep data in phys -This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an interactive user. +This security setting allows a user to be logged-on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an interactive user. @@ -1558,7 +1558,7 @@ This security setting allows a security principal to log on as a service. Servic -This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. +This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting doesn't allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. @@ -1656,7 +1656,7 @@ This user right determines which users and groups can run maintenance tasks on a -This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. +This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. Note: This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. @@ -2002,7 +2002,7 @@ This user right determines which users can bypass file, directory, registry, and -This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. +This security setting determines which users who are logged-on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index 0c7bdc6147..fe7a0912dd 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -123,7 +123,7 @@ Require UEFI Memory Attributes Table. | Value | Description | |:--|:--| -| 0 (Default) | Do not require UEFI Memory Attributes Table. | +| 0 (Default) | Don't require UEFI Memory Attributes Table. | | 1 | Require UEFI Memory Attributes Table. | diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index 8b1d4c3d0b..6d04befd16 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -103,7 +103,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft - If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password. -- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn your users if they type their work or school password into one of the malicious scenarios described above. +- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn your users if they type their work or school password into one of the malicious scenarios described above. @@ -170,7 +170,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft - If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they reuse their work or school password and encourages them to change it. -- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they reuse their work or school password. +- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn users if they reuse their work or school password. @@ -237,7 +237,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft - If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they store their password in text editor apps. -- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they store their password in text editor apps. +- If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn users if they store their password in text editor apps. @@ -300,11 +300,11 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft -This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender. +This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users don't see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender. - If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is enabled in audit mode and your users are unable to turn it off. -- If you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it will not capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on. +- If you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it won't capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on. - If you don't configure this setting, users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen. diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 58cdee589d..6b9c3280f6 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -47,7 +47,7 @@ This policy setting determines whether users can enable the following WLAN setti - If this policy setting is disabled, both "Connect to suggested open hotspots," "Connect to networks shared by my contacts," and "Enable paid services" will be turned off and users on this device will be prevented from enabling them. -- If this policy setting is not configured or is enabled, users can choose to enable or disable either "Connect to suggested open hotspots" or "Connect to networks shared by my contacts". +- If this policy setting isn't configured or is enabled, users can choose to enable or disable either "Connect to suggested open hotspots" or "Connect to networks shared by my contacts". @@ -114,9 +114,9 @@ Determines whether administrators can enable and configure the Internet Connecti ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network. -- If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. +- If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -- If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) +- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. @@ -130,7 +130,7 @@ By default, ICS is disabled when you create a remote access connection, but admi > Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting. > [!NOTE] -> Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. +> Disabling this setting doesn't prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Do not use hosted networks" check box. @@ -196,7 +196,7 @@ By default, ICS is disabled when you create a remote access connection, but admi Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. Most restricted value is 0. > [!NOTE] -> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. +> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that aren't user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. @@ -269,7 +269,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F |:--|:--| | 0 | DSCP to UP Mapping will be disabled. | | 1 | DSCP to UP Mapping will be enabled. | -| 2 (Default) | DSCP to UP Mapping will be enabled only if it is enabled in the network profile. | +| 2 (Default) | DSCP to UP Mapping will be enabled only if it's enabled in the network profile. | @@ -317,7 +317,7 @@ Allow or disallow the device to automatically request to enable Mirrored Stream | Value | Description | |:--|:--| -| 0 | The device will not automatically request to enable MSCS when connecting to a MSCS capable network. | +| 0 | The device won't automatically request to enable MSCS when connecting to a MSCS capable network. | | 1 (Default) | The device will automatically request to enable MSCS when connecting to a MSCS capable network. | diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 9200c24281..bd34cc6487 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -51,7 +51,7 @@ Manual connection attempts - When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed. - When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked. -- If this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks. +- If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks. diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 407393166b..68793b34a9 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -43,7 +43,7 @@ Enabled: Enter the company name in the Options section. Disabled: -Company information will not be shown at all in either Windows Security or any notifications that it creates. +Company information won't be shown at all in either Windows Security or any notifications that it creates. Not configured: Same as Disabled. @@ -131,7 +131,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the Account protection area in Windows Defender Security Center. | @@ -203,7 +203,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the app and browser protection area in Windows Defender Security Center. | @@ -275,7 +275,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disabled or not configured) The security processor troubleshooting page shows a button that initiates the process to clear the security processor (TPM). | -| 1 | (Enabled) The security processor troubleshooting page will not show a button to initiate the process to clear the security processor (TPM). | +| 1 | (Enabled) The security processor troubleshooting page won't show a button to initiate the process to clear the security processor (TPM). | @@ -347,7 +347,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the Device security area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the Device security area in Windows Defender Security Center. | @@ -392,7 +392,7 @@ Only show critical notifications from Windows Security. If the Suppress all notifications GP setting has been enabled, this setting will have no effect. Enabled: -Local users will only see critical notifications from Windows Security. They will not see other types of notifications, such as regular PC or device health information. +Local users will only see critical notifications from Windows Security. They won't see other types of notifications, such as regular PC or device health information. Disabled: Local users will see all types of notifications from Windows Security. @@ -493,7 +493,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the family options area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the family options area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the family options area in Windows Defender Security Center. | @@ -565,7 +565,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the device performance and health area in Windows Defender Security Center. | @@ -637,7 +637,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the firewall and network protection area in Windows Defender Security Center. | @@ -680,7 +680,7 @@ Same as Disabled. Hide notifications from Windows Security. Enabled: -Local users will not see notifications from Windows Security. +Local users won't see notifications from Windows Security. Disabled: Local users can see notifications from Windows Security. @@ -709,7 +709,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of Windows Defender Security Center notifications. | -| 1 | (Enable) The users cannot see the display of Windows Defender Security Center notifications. | +| 1 | (Enable) The users can't see the display of Windows Defender Security Center notifications. | @@ -752,7 +752,7 @@ Same as Disabled. Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. Enabled: -Users will not be shown a recommendation to update their TPM Firmware. +Users won't be shown a recommendation to update their TPM Firmware. Disabled: Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. @@ -853,7 +853,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center. | -| 1 | (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center. | +| 1 | (Enable) The users can't see the display of the virus and threat protection area in Windows Defender Security Center. | @@ -896,7 +896,7 @@ Same as Disabled. Prevent users from making changes to the Exploit protection settings area in Windows Security. Enabled: -Local users can not make changes in the Exploit protection settings area. +Local users can't make changes in the Exploit protection settings area. Disabled: Local users are allowed to make changes in the Exploit protection settings area. @@ -925,7 +925,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | (Disable) Local users are allowed to make changes in the exploit protection settings area. | -| 1 | (Enable) Local users cannot make changes in the exploit protection settings area. | +| 1 | (Enable) Local users can't make changes in the exploit protection settings area. | @@ -973,7 +973,7 @@ Enabled: Enter the email address or email ID in the Options section. Disabled: -A contact email address or email ID will not be shown in either Windows Security or any notifications it creates. +A contact email address or email ID won't be shown in either Windows Security or any notifications it creates. Not configured: Same as Disabled. @@ -1145,7 +1145,7 @@ Same as Disabled. | Value | Description | |:--|:--| -| 0 (Default) | (Disable) Do not display the company name and contact options in the card fly out notification. | +| 0 (Default) | (Disable) Don't display the company name and contact options in the card fly out notification. | | 1 | (Enable) Display the company name and contact options in the card fly out notification. | @@ -1484,7 +1484,7 @@ Enabled: Enter the phone number or Skype ID in the Options section. Disabled: -A contact phone number or Skype ID will not be shown in either Windows Security or any notifications it creates. +A contact phone number or Skype ID won't be shown in either Windows Security or any notifications it creates. Not configured: Same as Disabled. @@ -1548,7 +1548,7 @@ Enabled: Enter the URL in the Options section. Disabled: -A contact website URL will not be shown in either Windows Security or any notifications it creates. +A contact website URL won't be shown in either Windows Security or any notifications it creates. Not configured: Same as Disabled. diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 913ae9adfa..7f9cb85aff 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -123,7 +123,7 @@ Allow Windows Ink Workspace. | Value | Description | |:--|:--| | 0 | Access to ink workspace is disabled. The feature is turned off. | -| 1 | Ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. | +| 1 | Ink workspace is enabled (feature is turned on), but the user can't access it above the lock screen. | | 2 (Default) | Ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. | diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index f5b8e657ba..beb275034b 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -47,11 +47,11 @@ This only occurs if the last interactive user didn't sign out before the restart If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns. -- If you don't configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots. +- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots. After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot . -- If you disable this policy setting, the device does not configure automatic sign in. The user's lock screen apps are not restarted after the system restarts. +- If you disable this policy setting, the device doesn't configure automatic sign in. The user's lock screen apps aren't restarted after the system restarts. @@ -106,17 +106,17 @@ After enabling this policy, you can configure its settings through the ConfigAut -This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose "Disabled" in the "Sign-in and lock last interactive user automatically after a restart" policy, then automatic sign on will not occur and this policy does not need to be configured. +This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose "Disabled" in the "Sign-in and lock last interactive user automatically after a restart" policy, then automatic sign on won't occur and this policy doesn't need to be configured. - If you enable this policy setting, you can choose one of the following two options: -1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. +1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. BitLocker is suspended during updates if: - The device doesn't have TPM 2.0 and PCR7, or - The device doesn't use a TPM-only protector -2. "Always Enabled" specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location. +2. "Always Enabled" specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location. - If you disable or don't configure this setting, automatic sign on will default to the "Enabled if BitLocker is on and not suspended" behavior. @@ -176,7 +176,7 @@ This policy setting allows you to prevent app notifications from appearing on th - If you enable this policy setting, no app notifications are displayed on the lock screen. -- If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. +- If you disable or don't configure this policy setting, users can choose which apps display notifications on the lock screen. @@ -233,7 +233,7 @@ This policy setting allows you to prevent app notifications from appearing on th This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. -- If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows. +- If you enable this policy setting, the PC's network connectivity state can't be changed without signing into Windows. - If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. @@ -320,12 +320,12 @@ This policy setting allows you to control whether users see the first sign-in an - If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. -- If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services. +- If you disable this policy setting, users won't see the animation and Microsoft account users won't see the opt-in prompt for services. -- If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation. +- If you don't configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting isn't configured, users new to this computer won't see the animation. > [!NOTE] -> The first sign-in animation will not be shown on Server, so this policy will have no effect. +> The first sign-in animation won't be shown on Server, so this policy will have no effect. @@ -390,9 +390,9 @@ This policy setting allows you to control whether users see the first sign-in an This policy controls the configuration under which winlogon sends MPR notifications in the system. -- If you enable this setting or do not configure it, winlogon sends MPR notifications if a credential manager is configured. +- If you enable this setting or don't configure it, winlogon sends MPR notifications if a credential manager is configured. -- If you disable this setting, winlogon does not send MPR notifications. +- If you disable this setting, winlogon doesn't send MPR notifications. @@ -451,7 +451,7 @@ This policy setting allows local users to be enumerated on domain-joined compute - If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. -- If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers. +- If you disable or don't configure this policy setting, the Logon UI won't enumerate local users on domain-joined computers. @@ -508,11 +508,11 @@ This policy setting allows local users to be enumerated on domain-joined compute This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. -- If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. +- If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged-on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. -- If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. +- If you disable or don't configure this policy setting, the Switch User interface is accessible to the user in the three locations. @@ -575,7 +575,7 @@ The locations that Switch User interface appear are in the Logon UI, the Start m -OverrideShellProgram policy allows IT admin to configure the shell program for Windows OS on a device. This policy has the highest precedence over other ways of configuring the shell program. The policy currently supports below options: 1. Not Configured: Default shell will be launched. 2. Apply Lightweight Shell: Lightweight shell does not have a user interface and helps the device to achieve better performance as the shell consumes limited resources over default shell. Lightweight shell contains a limited set of features which could be consumed by applications. This configuration can be useful if the device needs to have a continuous running user interface application which would consume features offered by Lightweight shell. If you disable or do not configure this policy setting, then the default shell will be launched. +OverrideShellProgram policy allows IT admin to configure the shell program for Windows OS on a device. This policy has the highest precedence over other ways of configuring the shell program. The policy currently supports below options: 1. Not Configured: Default shell will be launched. 2. Apply Lightweight Shell: Lightweight shell doesn't have a user interface and helps the device to achieve better performance as the shell consumes limited resources over default shell. Lightweight shell contains a limited set of features which could be consumed by applications. This configuration can be useful if the device needs to have a continuous running user interface application which would consume features offered by Lightweight shell. If you disable or don't configure this policy setting, then the default shell will be launched. diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 2aa8eeaf02..c8b375b284 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -41,9 +41,9 @@ This policy setting enables or disables audio input to the Sandbox. - If you enable this policy setting, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. -- If you disable this policy setting, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. +- If you disable this policy setting, Windows Sandbox won't be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. -- If you do not configure this policy setting, audio input will be enabled. +- If you don't configure this policy setting, audio input will be enabled. Note that there may be security implications of exposing host audio input to the container. @@ -108,7 +108,7 @@ This policy setting enables or disables clipboard sharing with the sandbox. - If you disable this policy setting, copy and paste in and out of Sandbox will be restricted. -- If you do not configure this policy setting, clipboard sharing will be enabled. +- If you don't configure this policy setting, clipboard sharing will be enabled. @@ -171,7 +171,7 @@ This policy setting enables or disables networking in the sandbox. You can disab - If you disable this policy setting, networking is disabled in Windows Sandbox. -- If you do not configure this policy setting, networking will be enabled. +- If you don't configure this policy setting, networking will be enabled. Note that enabling networking can expose untrusted applications to the internal network. @@ -234,9 +234,9 @@ This policy setting enables or disables printer sharing from the host into the S - If you enable this policy setting, host printers will be shared into Windows Sandbox. -- If you disable this policy setting, Windows Sandbox will not be able to view printers from the host. +- If you disable this policy setting, Windows Sandbox won't be able to view printers from the host. -- If you do not configure this policy setting, printer redirection will be disabled. +- If you don't configure this policy setting, printer redirection will be disabled. @@ -299,7 +299,7 @@ This policy setting is to enable or disable the virtualized GPU. - If you disable this policy setting, Windows Sandbox will use software rendering, which can be slower than virtualized GPU. -- If you do not configure this policy setting, vGPU will be enabled. +- If you don't configure this policy setting, vGPU will be enabled. Note that enabling virtualized GPU can potentially increase the attack surface of the sandbox. @@ -364,7 +364,7 @@ This policy setting enables or disables video input to the Sandbox. - If you disable this policy setting, video input is disabled in Windows Sandbox. Applications using video input may not function properly in Windows Sandbox. -- If you do not configure this policy setting, video input will be disabled. Applications that use video input may not function properly in Windows Sandbox. +- If you don't configure this policy setting, video input will be disabled. Applications that use video input may not function properly in Windows Sandbox. Note that there may be security implications of exposing host video input to the container. diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 7453986004..c60fc591ad 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -289,7 +289,7 @@ If you set it to 1, your PC may start an outgoing projection as a TCP client. This policy allows you to turn off projection from a PC. -If you set it to 0, your PC cannot discover or project to other devices. +If you set it to 0, your PC can't discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. @@ -312,7 +312,7 @@ If you set it to 1, your PC can discover and project to other devices. | Value | Description | |:--|:--| -| 0 | Your PC cannot discover or project to other devices. | +| 0 | Your PC can't discover or project to other devices. | | 1 (Default) | Your PC can discover and project to other devices. | @@ -340,7 +340,7 @@ If you set it to 1, your PC can discover and project to other devices. This policy allows you to turn off projection from a PC over infrastructure. -If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. +If you set it to 0, your PC can't discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. @@ -363,7 +363,7 @@ If you set it to 1, your PC can discover and project to other devices over infra | Value | Description | |:--|:--| -| 0 | Your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct. | +| 0 | Your PC can't discover or project to other infrastructure devices, although it's possible to discover and project over WiFi Direct. | | 1 (Default) | Your PC can discover and project to other devices over infrastructure. | @@ -416,7 +416,7 @@ If you turn it off or don't configure it, your PC is discoverable and can be pro | Value | Description | |:--|:--| -| 0 | Projection to PC is not allowed. Always off and the user cannot enable it. | +| 0 | Projection to PC isn't allowed. Always off and the user can't enable it. | | 1 (Default) | Projection to PC is allowed. Enabled only above the lock screen. | @@ -458,7 +458,7 @@ If you turn it off or don't configure it, your PC is discoverable and can be pro This policy setting allows you to turn off projection to a PC over infrastructure. -If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. +If you set it to 0, your PC can't be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. @@ -481,7 +481,7 @@ If you set it to 1, your PC can be discoverable and can be projected to over inf | Value | Description | |:--|:--| -| 0 | Your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct. | +| 0 | Your PC isn't discoverable and other devices can't project to it over infrastructure, although it's possible to project to it over WiFi Direct. | | 1 (Default) | Your PC is discoverable and other devices can project to it over infrastructure. | @@ -585,7 +585,7 @@ If you set this to 'Always', all pairings will require PIN. | Value | Description | |:--|:--| -| 0 (Default) | PIN is not required. | +| 0 (Default) | PIN isn't required. | | 1 | Pairing ceremony for new devices will always require a PIN. | | 2 | All pairings will require PIN. | diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 437dc7ac26..44ad086f77 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -215,7 +215,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -528,7 +528,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -840,7 +840,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -1154,7 +1154,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -1467,7 +1467,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -1701,7 +1701,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This -Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. +Node for certificates that aren't trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. @@ -1780,7 +1780,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -2093,7 +2093,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -2406,7 +2406,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -2719,7 +2719,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -3032,7 +3032,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. @@ -3266,7 +3266,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This -Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. +Node for certificates that aren't trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. @@ -3345,7 +3345,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 2fe0cc255c..efb7d39fed 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -441,7 +441,7 @@ Setting this node to "1" enables Windows Insider Preview flighting and the abili -Accounts will start being deleted when they have not been logged on during the specified period, given as number of days. +Accounts will start being deleted when they haven't been logged-on during the specified period, given as number of days. diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 2ff3f418bf..26ba1214aa 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -392,7 +392,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob -This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether the location toggle on the location screen in Settings is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. Note that most clients do not support this behavior. This value manages the settings for both SUPL and v2 UPL. If a phone is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. +This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether the location toggle on the location screen in Settings is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. Note that most clients don't support this behavior. This value manages the settings for both SUPL and v2 UPL. If a phone is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. @@ -460,7 +460,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor -Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the phone uses the default location service and does not use SUPL. +Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the phone uses the default location service and doesn't use SUPL. @@ -542,7 +542,7 @@ Optional. Time in seconds that the network-initiated location request is display -Required. Specifies the root certificate for the H-SLP server. Windows does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. +Required. Specifies the root certificate for the H-SLP server. Windows doesn't support a non-secure mode. If this node isn't included, the configuration service provider will fail but may not return a specific error. diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 354095bc43..dece9dcc5a 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -105,7 +105,7 @@ The following list shows the SurfaceHub configuration service provider nodes: -Node for setting device account information. A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the [Surface Hub administrator guide](/surface-hub/) for more information about setting up a device account. To use a device account from Azure Active Directory: 1. Set the UserPrincipalName (for Azure AD). 2. Set a valid Password. 3. Execute ValidateAndCommit to validate the specified username and password combination against Azure AD. 4. Get the ErrorContext in case something goes wrong during validation. +Node for setting device account information. A device account is a Microsoft Exchange account that's connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the [Surface Hub administrator guide](/surface-hub/) for more information about setting up a device account. To use a device account from Azure Active Directory: 1. Set the UserPrincipalName (for Azure AD). 2. Set a valid Password. 3. Execute ValidateAndCommit to validate the specified username and password combination against Azure AD. 4. Get the ErrorContext in case something goes wrong during validation. @@ -1188,7 +1188,7 @@ Setting for the screen to wake up and stay on with sensor activity. -Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they're valid and installed on the Hub, otherwise it may not be able to load the image. @@ -2212,7 +2212,7 @@ Specifies the default volume value for a new session. -Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings. If this setting is true, the sign-in dialog will not be populated. If false, the dialog will auto-populate. +Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings. If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate. @@ -2235,7 +2235,7 @@ Specifies whether to disable auto-populating of the sign-in dialog with invitees | Value | Description | |:--|:--| | false (Default) | Dialog will auto-populate. | -| true | Sign-in dialog will not be populated. | +| true | Sign-in dialog won't be populated. | @@ -2261,7 +2261,7 @@ Specifies whether to disable auto-populating of the sign-in dialog with invitees -Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. If this setting is true, the "My meetings and files" feature will not be shown. When false, the "My meetings and files" feature will be shown. +Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. If this setting is true, the "My meetings and files" feature won't be shown. When false, the "My meetings and files" feature will be shown. @@ -2283,7 +2283,7 @@ Specifies whether to disable the "My meetings and files" feature in the Start me | Value | Description | |:--|:--| -| true | "My meetings and files" feature will not be shown. | +| true | "My meetings and files" feature won't be shown. | | false (Default) | The "My meetings and files" feature will be shown. | diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index c22d60eab5..0992815e7c 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -261,7 +261,7 @@ The following list shows the VPNv2 configuration service provider nodes: -Unique alpha numeric identifier for the profile. The profile name must not include a forward slash (/). If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. +Unique alpha numeric identifier for the profile. The profile name mustn't include a forward slash (/). If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. @@ -713,7 +713,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a -A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. @@ -870,7 +870,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Do not Bypass for Local traffic +False: Don't Bypass for Local traffic True: ByPass VPN Interface for Local Traffic Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -1217,7 +1217,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct If turned on a device tunnel profile does four things. First, it automatically becomes an always on profile. -Second, it does not require the presence or logging in of any user to the machine in order for it to connect. +Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect. Third, no other Device Tunnel profile maybe be present on the same machine. A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected. @@ -1241,7 +1241,7 @@ A device tunnel profile must be deleted before another device tunnel profile can | Value | Description | |:--|:--| -| false (Default) | This is not a device tunnel profile. | +| false (Default) | This isn't a device tunnel profile. | | true | This is a device tunnel profile. | @@ -1316,7 +1316,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi -Optional. When this setting is True, the Disconnect button will not be visible for connected profiles. +Optional. When this setting is True, the Disconnect button won't be visible for connected profiles. @@ -1338,7 +1338,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Value | Description | |:--|:--| | false | Disconnect Button is visible. | -| true | Disconnect Button is not visible. | +| true | Disconnect Button isn't visible. | @@ -1386,7 +1386,7 @@ Set to disable IKEv2 Fragmentation. | Value | Description | |:--|:--| -| true | IKEv2 Fragmentation will not be used. | +| true | IKEv2 Fragmentation won't be used. | | false (Default) | IKEv2 Fragmentation is used as normal. | @@ -1555,7 +1555,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Value | Description | |:--|:--| -| false (Default) | This DomainName rule will not trigger the VPN. | +| false (Default) | This DomainName rule won't trigger the VPN. | | true | This DomainName rule will trigger the VPN. | @@ -1660,7 +1660,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is -Returns the namespace type. This value can be one of the following: FQDN - If the DomainName was not prepended with a . and applies only to the fully qualified domain name (FQDN) of a specified host. Suffix - If the DomainName was prepended with a . and applies to the specified namespace, all records in that namespace, and all subdomains. +Returns the namespace type. This value can be one of the following: FQDN - If the DomainName wasn't prepended with a . and applies only to the fully qualified domain name (FQDN) of a specified host. Suffix - If the DomainName was prepended with a . and applies to the specified namespace, all records in that namespace, and all subdomains. @@ -1699,7 +1699,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th -A boolean value that specifies if the rule being added should persist even when the VPN is not connected. +A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. @@ -2290,7 +2290,7 @@ Type of user authentication. | Value | Description | |:--|:--| | EAP | EAP. | -| MSChapv2 | MSChapv2: This is not supported for IKEv2. | +| MSChapv2 | MSChapv2: This isn't supported for IKEv2. | @@ -2810,7 +2810,7 @@ Required for native profiles. Type of tunneling protocol used. -True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb traffic selectors as routes. +True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb traffic selectors as routes. @@ -3219,7 +3219,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP -Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. +Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that's deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. @@ -3603,7 +3603,7 @@ Allows registration of the connection's address in DNS. | Value | Description | |:--|:--| -| false (Default) | Do not register the connection's address in DNS. | +| false (Default) | Don't register the connection's address in DNS. | | true | Register the connection's addresses in DNS. | @@ -3652,7 +3652,7 @@ Boolean value (true or false) for caching credentials. | Value | Description | |:--|:--| -| false (Default) | Do not cache credentials. | +| false (Default) | Don't cache credentials. | | true | Credentials are cached whenever possible. | @@ -4450,7 +4450,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil -Comma separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. +Comma separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. @@ -4512,7 +4512,7 @@ Determines whether the credential manager will save ras credentials after a conn | Value | Description | |:--|:--| -| false | Ras Credentials are not saved. | +| false | Ras Credentials aren't saved. | | true (Default) | Ras Credentials are saved. | @@ -4539,7 +4539,7 @@ Determines whether the credential manager will save ras credentials after a conn -Unique alpha numeric identifier for the profile. The profile name must not include a forward slash (/). If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. +Unique alpha numeric identifier for the profile. The profile name mustn't include a forward slash (/). If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. @@ -4991,7 +4991,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a -A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. @@ -5148,7 +5148,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Do not Bypass for Local traffic +False: Don't Bypass for Local traffic True: ByPass VPN Interface for Local Traffic Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -5541,7 +5541,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi -Optional. When this setting is True, the Disconnect button will not be visible for connected profiles. +Optional. When this setting is True, the Disconnect button won't be visible for connected profiles. @@ -5563,7 +5563,7 @@ Optional. When this setting is True, the Disconnect button will not be visible f | Value | Description | |:--|:--| | false | Disconnect Button is visible. | -| true | Disconnect Button is not visible. | +| true | Disconnect Button isn't visible. | @@ -5611,7 +5611,7 @@ Set to disable IKEv2 Fragmentation. | Value | Description | |:--|:--| -| true | IKEv2 Fragmentation will not be used. | +| true | IKEv2 Fragmentation won't be used. | | false (Default) | IKEv2 Fragmentation is used as normal. | @@ -5780,7 +5780,7 @@ Boolean to determine whether this domain name rule will trigger the VPN. | Value | Description | |:--|:--| -| false (Default) | This DomainName rule will not trigger the VPN. | +| false (Default) | This DomainName rule won't trigger the VPN. | | true | This DomainName rule will trigger the VPN. | @@ -5885,7 +5885,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is -Returns the namespace type. This value can be one of the following: FQDN - If the DomainName was not prepended with a . and applies only to the fully qualified domain name (FQDN) of a specified host. Suffix - If the DomainName was prepended with a . and applies to the specified namespace, all records in that namespace, and all subdomains. +Returns the namespace type. This value can be one of the following: FQDN - If the DomainName wasn't prepended with a . and applies only to the fully qualified domain name (FQDN) of a specified host. Suffix - If the DomainName was prepended with a . and applies to the specified namespace, all records in that namespace, and all subdomains. @@ -5924,7 +5924,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th -A boolean value that specifies if the rule being added should persist even when the VPN is not connected. +A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. @@ -6493,7 +6493,7 @@ This is only supported in IKEv2. -This value can be one of the following: EAP or MSChapv2 (This is not supported for IKEv2). +This value can be one of the following: EAP or MSChapv2 (This isn't supported for IKEv2). @@ -6515,7 +6515,7 @@ This value can be one of the following: EAP or MSChapv2 (This is not supported f | Value | Description | |:--|:--| | EAP | EAP. | -| MSChapv2 | MSChapv2: This is not supported for IKEv2. | +| MSChapv2 | MSChapv2: This isn't supported for IKEv2. | @@ -7035,7 +7035,7 @@ Required for native profiles. Type of tunneling protocol used. -True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb traffic selectors as routes. +True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb traffic selectors as routes. @@ -7444,7 +7444,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP -Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. +Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that's deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. @@ -7828,7 +7828,7 @@ Allows registration of the connection's address in DNS. | Value | Description | |:--|:--| -| false (Default) | Do not register the connection's address in DNS. | +| false (Default) | Don't register the connection's address in DNS. | | true | Register the connection's addresses in DNS. | @@ -7877,7 +7877,7 @@ Boolean value (true or false) for caching credentials. | Value | Description | |:--|:--| -| false (Default) | Do not cache credentials. | +| false (Default) | Don't cache credentials. | | true | Credentials are cached whenever possible. | @@ -7906,7 +7906,7 @@ Boolean value (true or false) for caching credentials. Applicable only to AppContainer profiles. -False: Do not show profile in Settings UI. +False: Don't show profile in Settings UI. True: Show profile in Settings UI. Optional. This node is only relevant for AppContainer profiles (i.e. using the VpnManagementAgent::AddProfileFromXmlAsync method). @@ -8719,7 +8719,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil -Comma separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. +Comma separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. @@ -8781,7 +8781,7 @@ Determines whether the credential manager will save ras credentials after a conn | Value | Description | |:--|:--| -| false | Ras Credentials are not saved. | +| false | Ras Credentials aren't saved. | | true (Default) | Ras Credentials are saved. | diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 387aa261ca..5dcfb1a7ce 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -313,7 +313,7 @@ This policy setting allows you to determine whether applications inside Microsof | Value | Description | |:--|:--| -| 0 (Default) | Microsoft Defender Application Guard cannot access the device’s camera and microphone. When the policy is not configured, it is the same as disabled (0). | +| 0 (Default) | Microsoft Defender Application Guard can't access the device’s camera and microphone. When the policy isn't configured, it's the same as disabled (0). | | 1 | Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone. | @@ -440,7 +440,7 @@ This policy setting allows you to determine whether Application Guard can use th | Value | Description | |:--|:--| -| 0 (Default) | Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0). | +| 0 (Default) | Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy isn't configured, it's the same as disabled (0). | | 1 | Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. | @@ -611,7 +611,7 @@ This policy setting allows you to decide whether websites can load non-enterpris This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. - If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer. Here's an example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924. -- If you disable or don't configure this setting, certificates are not shared with the Microsoft Defender Application Guard container. +- If you disable or don't configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container. @@ -890,7 +890,7 @@ This policy setting allows you to determine whether users can elect to download | Value | Description | |:--|:--| -| 0 (Default) | The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0). | +| 0 (Default) | The user can't download files from Edge in the container to the host file system. When the policy isn't configured, it's the same as disabled (0). | | 1 | Turns on the functionality to allow users to download files from Edge in the container to the host file system. | diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 671928655e..60dd258bf1 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -250,7 +250,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo -Returns last error description from Device Licensing. Value would be empty, if error decription can not be evaluated. +Returns last error description from Device Licensing. Value would be empty, if error decription can't be evaluated. @@ -1134,7 +1134,7 @@ Error code of last subscription operation. Value would be empty(0) in absence of -Error description of last subscription operation. Value would be empty, if error description cannot be evaluated. +Error description of last subscription operation. Value would be empty, if error description can't be evaluated. From 9b6e53d8a7cf2e6b63f910d1b79cc1d110e5f117 Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Thu, 11 May 2023 11:04:30 -0500 Subject: [PATCH 118/258] More changes --- ...dows-autopatch-groups-manage-autopatch-groups.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 71ba52fc37..9c11543fb9 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -1,7 +1,7 @@ --- title: Manage Windows Autopatch groups description: This article explains how to manage Autopatch groups -ms.date: 05/05/2023 +ms.date: 05/11/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -219,3 +219,14 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD > - Modern Workplace Devices-Windows Autopatch-Broad > > Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups). + +### Autopatch group rename + +- **Status: Active** + +The Windows Autopatch team is aware that the Windows Autopatch service doesn't allow the rename of Autopatch groups yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. + +> [!IMPORTANT] +> During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface. + +The Windows Autopatch team is currently developing the rename feature and plan to make it available during public preview. \ No newline at end of file From 0b863e787c031d006b0e35f406630843d32f1ac0 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 11 May 2023 09:28:50 -0700 Subject: [PATCH 119/258] Update windows-autopatch-groups-manage-autopatch-groups.md --- .../windows-autopatch-groups-manage-autopatch-groups.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 9c11543fb9..9831d4850d 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -220,13 +220,11 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD > > Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups). -### Autopatch group rename +### Rename an Autopatch group - **Status: Active** -The Windows Autopatch team is aware that the Windows Autopatch service doesn't allow the rename of Autopatch groups yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. +You can't rename an Autopatch group yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. Windows Autopatch is currently developing the rename feature. > [!IMPORTANT] > During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface. - -The Windows Autopatch team is currently developing the rename feature and plan to make it available during public preview. \ No newline at end of file From 2847d473e200074e8e73d366f1688dd8c1a751f5 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 11 May 2023 13:11:30 -0400 Subject: [PATCH 120/258] Sanitization improvements --- .../client-management/mdm/bitlocker-csp.md | 62 +-- .../mdm/clientcertificateinstall-csp.md | 36 +- windows/client-management/mdm/defender-csp.md | 311 ++++++++++----- windows/client-management/mdm/dmacc-csp.md | 10 +- windows/client-management/mdm/email2-csp.md | 3 +- windows/client-management/mdm/firewall-csp.md | 49 ++- windows/client-management/mdm/laps-csp.md | 8 +- .../mdm/passportforwork-csp.md | 35 +- .../mdm/policy-csp-admx-appcompat.md | 4 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 10 +- .../mdm/policy-csp-admx-auditsettings.md | 4 +- .../mdm/policy-csp-admx-bits.md | 4 +- .../mdm/policy-csp-admx-controlpanel.md | 20 +- .../policy-csp-admx-controlpaneldisplay.md | 5 +- .../policy-csp-admx-credentialproviders.md | 18 +- .../mdm/policy-csp-admx-credssp.md | 62 ++- .../mdm/policy-csp-admx-desktop.md | 8 +- .../mdm/policy-csp-admx-deviceguard.md | 4 +- .../mdm/policy-csp-admx-diskquota.md | 7 +- .../mdm/policy-csp-admx-dnsclient.md | 12 +- .../mdm/policy-csp-admx-errorreporting.md | 4 +- .../mdm/policy-csp-admx-eventforwarding.md | 3 +- .../mdm/policy-csp-admx-filerevocation.md | 5 +- .../mdm/policy-csp-admx-filesys.md | 16 +- .../mdm/policy-csp-admx-globalization.md | 18 +- .../mdm/policy-csp-admx-grouppolicy.md | 56 ++- .../mdm/policy-csp-admx-icm.md | 4 +- .../mdm/policy-csp-admx-iis.md | 5 +- .../mdm/policy-csp-admx-kdc.md | 18 +- .../mdm/policy-csp-admx-kerberos.md | 4 +- .../mdm/policy-csp-admx-lanmanserver.md | 19 +- .../mdm/policy-csp-admx-lanmanworkstation.md | 15 +- .../mdm/policy-csp-admx-leakdiagnostic.md | 7 +- .../mdm/policy-csp-admx-logon.md | 13 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 113 +++--- .../mdm/policy-csp-admx-mmcsnapins.md | 208 +++++++++- .../mdm/policy-csp-admx-msapolicy.md | 6 +- .../mdm/policy-csp-admx-msched.md | 4 +- .../mdm/policy-csp-admx-msi.md | 8 +- .../mdm/policy-csp-admx-nca.md | 9 +- .../mdm/policy-csp-admx-netlogon.md | 5 +- .../mdm/policy-csp-admx-networkconnections.md | 13 +- .../mdm/policy-csp-admx-offlinefiles.md | 16 +- .../mdm/policy-csp-admx-peertopeercaching.md | 34 +- .../mdm/policy-csp-admx-power.md | 10 +- ...licy-csp-admx-powershellexecutionpolicy.md | 17 +- .../mdm/policy-csp-admx-printing.md | 19 +- .../mdm/policy-csp-admx-reliability.md | 6 +- .../mdm/policy-csp-admx-remoteassistance.md | 6 +- .../mdm/policy-csp-admx-removablestorage.md | 4 +- .../mdm/policy-csp-admx-sdiageng.md | 4 +- .../mdm/policy-csp-admx-servermanager.md | 3 +- .../mdm/policy-csp-admx-smartcard.md | 15 +- .../mdm/policy-csp-admx-startmenu.md | 11 +- .../mdm/policy-csp-admx-tabletpcinputpanel.md | 26 +- .../mdm/policy-csp-admx-tabletshell.md | 10 +- .../mdm/policy-csp-admx-tcpip.md | 6 +- .../mdm/policy-csp-admx-terminalserver.md | 38 +- .../mdm/policy-csp-admx-touchinput.md | 12 +- ...y-csp-admx-userexperiencevirtualization.md | 371 +++++++++++++++++- .../mdm/policy-csp-admx-userprofiles.md | 11 +- .../mdm/policy-csp-admx-w32time.md | 103 +++-- .../mdm/policy-csp-admx-wcm.md | 10 +- .../mdm/policy-csp-admx-windowsconnectnow.md | 6 +- .../mdm/policy-csp-admx-windowsexplorer.md | 19 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 7 +- .../mdm/policy-csp-admx-winlogon.md | 5 +- .../mdm/policy-csp-admx-workfoldersclient.md | 5 +- .../mdm/policy-csp-applicationdefaults.md | 5 +- .../mdm/policy-csp-applicationmanagement.md | 3 +- .../client-management/mdm/policy-csp-audit.md | 73 +++- .../mdm/policy-csp-autoplay.md | 5 +- .../client-management/mdm/policy-csp-bits.md | 47 ++- .../mdm/policy-csp-browser.md | 103 +++-- .../mdm/policy-csp-cellular.md | 3 +- .../mdm/policy-csp-credentialsdelegation.md | 4 +- .../mdm/policy-csp-defender.md | 132 ++++--- .../mdm/policy-csp-deliveryoptimization.md | 5 +- .../mdm/policy-csp-deviceinstallation.md | 37 +- .../mdm/policy-csp-education.md | 6 +- .../mdm/policy-csp-experience.md | 10 +- .../mdm/policy-csp-internetexplorer.md | 47 ++- .../mdm/policy-csp-kerberos.md | 4 +- .../mdm/policy-csp-lanmanworkstation.md | 4 +- .../mdm/policy-csp-licensing.md | 17 +- ...policy-csp-localpoliciessecurityoptions.md | 14 +- .../mdm/policy-csp-localusersandgroups.md | 3 +- .../mdm/policy-csp-mixedreality.md | 23 +- .../mdm/policy-csp-networkisolation.md | 4 +- .../mdm/policy-csp-newsandinterests.md | 4 +- .../mdm/policy-csp-notifications.md | 3 +- .../client-management/mdm/policy-csp-power.md | 14 +- .../mdm/policy-csp-printers.md | 44 ++- .../mdm/policy-csp-privacy.md | 11 +- .../mdm/policy-csp-remoteassistance.md | 20 +- .../mdm/policy-csp-remotedesktopservices.md | 6 +- .../mdm/policy-csp-search.md | 7 +- .../mdm/policy-csp-settings.md | 6 +- .../mdm/policy-csp-smartscreen.md | 14 +- .../client-management/mdm/policy-csp-start.md | 4 +- .../mdm/policy-csp-storage.md | 24 +- .../mdm/policy-csp-system.md | 53 ++- .../mdm/policy-csp-tenantrestrictions.md | 3 +- .../mdm/policy-csp-textinput.md | 26 +- .../mdm/policy-csp-troubleshooting.md | 14 +- .../mdm/policy-csp-update.md | 65 +-- .../mdm/policy-csp-userrights.md | 12 +- .../client-management/mdm/policy-csp-wifi.md | 4 +- .../policy-csp-windowsconnectionmanager.md | 4 +- ...olicy-csp-windowsdefendersecuritycenter.md | 75 +++- .../mdm/policy-csp-windowslogon.md | 9 +- .../mdm/policy-csp-windowspowershell.md | 8 +- windows/client-management/mdm/vpnv2-csp.md | 23 +- windows/client-management/mdm/wifi-csp.md | 4 +- .../windowsdefenderapplicationguard-csp.md | 4 +- 115 files changed, 2175 insertions(+), 834 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 248d7b95f8..ff28625681 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -88,15 +88,16 @@ The following list shows the BitLocker configuration service provider nodes: Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged-on user is non-admin/standard user. + "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, Silent encryption is enforced. -If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user -is the current logged-on user in the system. + +If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user is the current logged-on user in the system. The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. -0 = This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy -won't try to enable encryption on any drive. + +0 = This is the default, when the policy isn't set. If current logged-on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive. @@ -172,6 +173,7 @@ This policy setting allows suspending protection for BitLocker Drive Encryption The expected values for this policy are: 0 = Prevent BitLocker Drive Encryption protection from being suspended. + 1 = This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. @@ -225,8 +227,7 @@ Allows Admin to disable all UI (notification for encryption and warning prompt f and turn on encryption on the user machines silently. > [!WARNING] -> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will -require reinstallation of Windows. +> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows. > [!NOTE] > This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. @@ -234,8 +235,9 @@ require reinstallation of Windows. The expected values for this policy are: 1 = This is the default, when the policy isn't set. Warning prompt and encryption notification is allowed. -0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, -the value 0 only takes effect on Azure Active Directory joined devices. + +0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, the value 0 only takes effect on Azure Active Directory joined devices. + Windows will attempt to silently enable BitLocker for value 0. @@ -311,14 +313,17 @@ Windows will attempt to silently enable BitLocker for value 0. Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices. -When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when -Active Directory back up for recovery password is configured to required. -For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" -For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" + +When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required. + +For OS drive: Turn on "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives". + +For Fixed drives: Turn on "Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives". Supported Values: 0 - Numeric Recovery Passwords rotation OFF. + 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value -2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices +2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices. @@ -1117,6 +1122,7 @@ To disable this policy, use the following SyncML: Allows the Admin to require encryption to be turned on using BitLocker\Device Encryption. Sample value for this node to enable this policy: + 1 Disabling the policy won't turn off the encryption on the system drive. But will stop prompting the user to turn it on. @@ -1209,7 +1215,9 @@ To disable RequireDeviceEncryption: Allows the Admin to require storage card encryption on the device. This policy is only valid for mobile SKU. + Sample value for this node to enable this policy: + 1 Disabling the policy won't turn off the encryption on the storage card. But will stop prompting the user to turn it on. @@ -1262,16 +1270,19 @@ Disabling the policy won't turn off the encryption on the storage card. But will Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device. + This policy is Execute type and rotates all numeric passwords when issued from MDM tools. -The policy only comes into effect when Active Directory backup for a recovery password is configured to "required." -- For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." -- For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." +The policy only comes into effect when Active Directory backup for a recovery password is configured to "required". + +- For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives". + +- For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives". Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: - status\RotateRecoveryPasswordsStatus -- status\RotateRecoveryPasswordsRequestID +- status\RotateRecoveryPasswordsRequestID. Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools. @@ -1369,6 +1380,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI This node reports compliance state of device encryption on the system. + Value '0' means the device is compliant. Any other value represents a non-compliant device. @@ -1469,8 +1481,8 @@ This node reports compliance state of removal drive encryption. "0" Value means This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. -This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus -To ensure the status is correctly matched to the request ID. + +This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID. @@ -1510,7 +1522,9 @@ To ensure the status is correctly matched to the request ID. This Node reports the status of RotateRecoveryPasswords request. + Status code can be one of the following: + NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure. @@ -1625,9 +1639,9 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the Note that if you don't enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include: - - Configure TPM startup PIN: Required/Allowed - - Configure TPM startup key and PIN: Required/Allowed - - Configure use of passwords for operating system drives. +- Configure TPM startup PIN: Required/Allowed +- Configure TPM startup key and PIN: Required/Allowed +- Configure use of passwords for operating system drives. @@ -2211,7 +2225,7 @@ This policy setting allows you to configure whether BitLocker requires additiona > [!NOTE] > Only one of the additional authentication options can be required at startup, otherwise a policy error occurs. -If you want to use BitLocker on a computer without a TPM, select the "Allow BitLocker without a compatible TPM" check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive. +If you want to use BitLocker on a computer without a TPM, select the "Allow BitLocker without a compatible TPM" check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you'll need to use one of the BitLocker recovery options to access the drive. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both. diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 53f3bc2a65..8e74c3c59e 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the ClientCertificateInstall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -162,7 +162,9 @@ Required for PFX certificate installation. The parent node grouping the PFX cert Required for PFX certificate installation. A unique ID to differentiate different certificate install requests. + Format is node. + Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob. @@ -205,6 +207,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha Optional. + Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -295,9 +298,13 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to Required. + [CRYPT_DATA_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)) structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation. + If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. + If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it doesn't exist, this will fail. + In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate @@ -377,6 +384,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro Optional. + When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored. @@ -418,6 +426,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the Optional. Used to specify if the PFX certificate password is encrypted with a certificate. + If the value is 0 - Password isn't encrypted 1- Password is encrypted using the MDM certificate by the MDM server @@ -643,6 +652,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests. + Calling Delete on the this node, should delete the corresponding SCEP certificate. @@ -921,6 +931,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Optional. + Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -1119,6 +1130,7 @@ For NGC, only SHA256 is supported as the supported algorithm. Required for enrollment. Specify private key length (RSA). + Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. @@ -1171,6 +1183,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. Optional. Specify where to keep the private key. Note that even it's protected by TPM, it isn't guarded with TPM PIN. + SCEP enrolled cert doesn't support TPM PIN protection. @@ -1262,6 +1275,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30. + The min value is 0 which means no retry. @@ -1505,6 +1519,7 @@ Optional. OID of certificate template name. Note that this name is typically ign Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. + MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. @@ -1638,7 +1653,9 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re Required. Specify the latest status for the certificate due to enroll request. + Valid values are: + 1 - finished successfully 2 - pending (the device hasn't finished the action but has received the SCEP server pending response) 32 - unknown @@ -1721,7 +1738,9 @@ Required for PFX certificate installation. The parent node grouping the PFX cert Required for PFX certificate installation. A unique ID to differentiate different certificate install requests. + Format is node. + Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob. @@ -1764,6 +1783,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha Optional. + Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -1854,9 +1874,13 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to Required. + [CRYPT_DATA_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)) structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation. + If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. + If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it doesn't exist, this will fail. + In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate @@ -1936,6 +1960,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro Optional. + When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored. @@ -1977,6 +2002,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the Optional. Used to specify if the PFX certificate password is encrypted with a certificate. + If the value is 0 - Password isn't encrypted 1- Password is encrypted using the MDM certificate by the MDM server @@ -2200,6 +2226,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed. Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests. + Calling Delete on the this node, should delete the corresponding SCEP certificate. @@ -2478,6 +2505,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Optional. + Specifies the NGC container name (if NGC KSP is chosen for above node). If this node isn't specified when NGC KSP is chosen, enrollment will fail. @@ -2676,6 +2704,7 @@ For NGC, only SHA256 is supported as the supported algorithm. Required for enrollment. Specify private key length (RSA). + Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. @@ -2728,6 +2757,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. Optional. Specify where to keep the private key. Note that even it's protected by TPM, it isn't guarded with TPM PIN. + SCEP enrolled cert doesn't support TPM PIN protection. @@ -2819,6 +2849,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30. + The min value is 0 which means no retry. @@ -3062,6 +3093,7 @@ Optional. OID of certificate template name. Note that this name is typically ign Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. + MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) the SCEP server as part of certificate enrollment request. It's the server's decision on how to use this valid period to create the certificate. @@ -3195,7 +3227,9 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re Required. Specify the latest status for the certificate due to enroll request. + Valid values are: + 1 - finished successfully 2 - pending (the device hasn't finished the action but has received the SCEP server pending response) 32 - unknown diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 0496ae8985..72fb71fe7b 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2429,57 +2429,108 @@ The ID of a threat that has been detected by Windows Defender. Threat category ID. Supported values: -| Value | Description | -|:--|:--| -| 0 | Invalid | -| 1 | Adware | -| 2 | Spyware | -| 3 | Password stealer | -| 4 | Trojan downloader | -| 5 | Worm | -| 6 | Backdoor | -| 7 | Remote access Trojan | -| 8 | Trojan | -| 9 | Email flooder | -| 10 | Keylogger | -| 11 | Dialer | -| 12 | Monitoring software | -| 13 | Browser modifier | -| 14 | Cookie | -| 15 | Browser plugin | -| 16 | AOL exploit | -| 17 | Nuker | -| 18 | Security disabler | -| 19 | Joke program | -| 20 | Hostile ActiveX control | -| 21 | Software bundler | -| 22 | Stealth modifier | -| 23 | Settings modifier | -| 24 | Toolbar | -| 25 | Remote control software | -| 26 | Trojan FTP | -| 27 | Potential unwanted software | -| 28 | ICQ exploit | -| 29 | Trojan telnet | -| 30 | Exploit | -| 31 | File sharing program | -| 32 | Malware creation tool | -| 33 | Remote control software | -| 34 | Tool | -| 36 | Trojan denial of service | -| 37 | Trojan dropper | -| 38 | Trojan mass mailer | -| 39 | Trojan monitoring software | -| 40 | Trojan proxy server | -| 42 | Virus | -| 43 | Known | -| 44 | Unknown | -| 45 | SPP | -| 46 | Behavior | -| 47 | Vulnerability | -| 48 | Policy | -| 49 | EUS (Enterprise Unwanted Software) | -| 50 | Ransomware | +| Value | Description |. + +|:--|:--|. + +| 0 | Invalid |. + +| 1 | Adware |. + +| 2 | Spyware |. + +| 3 | Password stealer |. + +| 4 | Trojan downloader |. + +| 5 | Worm |. + +| 6 | Backdoor |. + +| 7 | Remote access Trojan |. + +| 8 | Trojan |. + +| 9 | Email flooder |. + +| 10 | Keylogger |. + +| 11 | Dialer |. + +| 12 | Monitoring software |. + +| 13 | Browser modifier |. + +| 14 | Cookie |. + +| 15 | Browser plugin |. + +| 16 | AOL exploit |. + +| 17 | Nuker |. + +| 18 | Security disabler |. + +| 19 | Joke program |. + +| 20 | Hostile ActiveX control |. + +| 21 | Software bundler |. + +| 22 | Stealth modifier |. + +| 23 | Settings modifier |. + +| 24 | Toolbar |. + +| 25 | Remote control software |. + +| 26 | Trojan FTP |. + +| 27 | Potential unwanted software |. + +| 28 | ICQ exploit |. + +| 29 | Trojan telnet |. + +| 30 | Exploit |. + +| 31 | File sharing program |. + +| 32 | Malware creation tool |. + +| 33 | Remote control software |. + +| 34 | Tool |. + +| 36 | Trojan denial of service |. + +| 37 | Trojan dropper |. + +| 38 | Trojan mass mailer |. + +| 39 | Trojan monitoring software |. + +| 40 | Trojan proxy server |. + +| 42 | Virus |. + +| 43 | Known |. + +| 44 | Unknown |. + +| 45 | SPP |. + +| 46 | Behavior |. + +| 47 | Vulnerability |. + +| 48 | Policy |. + +| 49 | EUS (Enterprise Unwanted Software) |. + +| 50 | Ransomware |. + | 51 | ASR Rule | @@ -2521,18 +2572,30 @@ Threat category ID. Supported values: Information about the current status of the threat. The following list shows the supported values: -| Value | Description | -|:--|:--| -| 0 | Active | -| 1 | Action failed | -| 2 | Manual steps required | -| 3 | Full scan required | -| 4 | Reboot required | -| 5 | Remediated with noncritical failures | -| 6 | Quarantined | -| 7 | Removed | -| 8 | Cleaned | -| 9 | Allowed | +| Value | Description |. + +|:--|:--|. + +| 0 | Active |. + +| 1 | Action failed |. + +| 2 | Manual steps required |. + +| 3 | Full scan required |. + +| 4 | Reboot required |. + +| 5 | Remediated with noncritical failures |. + +| 6 | Quarantined |. + +| 7 | Removed |. + +| 8 | Cleaned |. + +| 9 | Allowed |. + | 10 | No Status ( Cleared) | @@ -2769,12 +2832,18 @@ Number of times this threat has been detected on a particular client. Threat severity ID. The following list shows the supported values: -| Value | Description | -|:--|:--| -| 0 | Unknown | -| 1 | Low | -| 2 | Moderate | -| 4 | High | +| Value | Description |. + +|:--|:--|. + +| 0 | Unknown |. + +| 1 | Low |. + +| 2 | Moderate |. + +| 4 | High |. + | 5 | Severe | @@ -2894,13 +2963,20 @@ An interior node to group information about Windows Defender health status. Provide the current state of the device. The following list shows the supported values: -| Value | Description | -|:--|:--| -| 0 | Clean | -| 1 | Pending full scan | -| 2 | Pending reboot | -| 4 | Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan) | -| 8 | Pending offline scan | +| Value | Description |. + +|:--|:--|. + +| 0 | Clean |. + +| 1 | Pending full scan |. + +| 2 | Pending reboot |. + +| 4 | Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan) |. + +| 8 | Pending offline scan |. + | 16 | Pending critical failure (Windows Defender has failed critically and an Administrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender) | @@ -3293,33 +3369,60 @@ Indicates whether network protection is running. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list. Supported product status values: -| Value | Description | -|:--|:--| -| 0 | No status | -| 1 (1 << 0) | Service not running | -| 2 (1 << 1) | Service started without any malware protection engine | -| 4 (1 << 2) | Pending full scan due to threat action | -| 8 (1 << 3) | Pending reboot due to threat action | -| 16 (1 << 4) | ending manual steps due to threat action | -| 32 (1 << 5) | AV signatures out of date | -| 64 (1 << 6) | AS signatures out of date | -| 128 (1 << 7) | No quick scan has happened for a specified period | -| 256 (1 << 8) | No full scan has happened for a specified period | -| 512 (1 << 9) | System initiated scan in progress | -| 1024 (1 << 10) | System initiated clean in progress | -| 2048 (1 << 11) | There are samples pending submission | -| 4096 (1 << 12) | Product running in evaluation mode | -| 8192 (1 << 13) | Product running in non-genuine Windows mode | -| 16384 (1 << 14) | Product expired | -| 32768 (1 << 15) | Off-line scan required | -| 65536 (1 << 16) | Service is shutting down as part of system shutdown | -| 131072 (1 << 17) | Threat remediation failed critically | -| 262144 (1 << 18) | Threat remediation failed non-critically | -| 524288 (1 << 19) | No status flags set (well initialized state) | -| 1048576 (1 << 20) | Platform is out of date | -| 2097152 (1 << 21) | Platform update is in progress | -| 4194304 (1 << 22) | Platform is about to be outdated | -| 8388608 (1 << 23) | Signature or platform end of life is past or is impending | +| Value | Description |. + +|:--|:--|. + +| 0 | No status |. + +| 1 (1 << 0) | Service not running |. + +| 2 (1 << 1) | Service started without any malware protection engine |. + +| 4 (1 << 2) | Pending full scan due to threat action |. + +| 8 (1 << 3) | Pending reboot due to threat action |. + +| 16 (1 << 4) | ending manual steps due to threat action |. + +| 32 (1 << 5) | AV signatures out of date |. + +| 64 (1 << 6) | AS signatures out of date |. + +| 128 (1 << 7) | No quick scan has happened for a specified period |. + +| 256 (1 << 8) | No full scan has happened for a specified period |. + +| 512 (1 << 9) | System initiated scan in progress |. + +| 1024 (1 << 10) | System initiated clean in progress |. + +| 2048 (1 << 11) | There are samples pending submission |. + +| 4096 (1 << 12) | Product running in evaluation mode |. + +| 8192 (1 << 13) | Product running in non-genuine Windows mode |. + +| 16384 (1 << 14) | Product expired |. + +| 32768 (1 << 15) | Off-line scan required |. + +| 65536 (1 << 16) | Service is shutting down as part of system shutdown |. + +| 131072 (1 << 17) | Threat remediation failed critically |. + +| 262144 (1 << 18) | Threat remediation failed non-critically |. + +| 524288 (1 << 19) | No status flags set (well initialized state) |. + +| 1048576 (1 << 20) | Platform is out of date |. + +| 2097152 (1 << 21) | Platform update is in progress |. + +| 4194304 (1 << 22) | Platform is about to be outdated |. + +| 8388608 (1 << 23) | Signature or platform end of life is past or is impending |. + | 16777216 (1 << 24) | Windows SMode signatures still in use on non-Win10S install | diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index ecfe0c99d9..ce77f658d1 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DMAcc CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -878,9 +878,10 @@ Defines a set of Microsoft-specific extended parameters. This element is created This node specifies whether to disable the ability of the DM client to communicate with a down-level server. + Possible Values: -false (default) -- Compatibility with down-level servers is enabled -true -- Compatibility with down-level servers is disabled. + +false (default) -- Compatibility with down-level servers is enabled true -- Compatibility with down-level servers is disabled. @@ -1432,8 +1433,11 @@ the UUID of the device. This node specifies whether the DM client can use the nonce resynchronization protocol when authentication of a server notification fails. If nonce resynchronization is disabled and authentication of the server notification fails, the notification is dropped. + Possible Values: + false (default) : Nonce resynchronization is disabled. + true: Nonce resynchronization is enabled. diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index 85def42a46..ddb612ea0c 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the EMAIL2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -257,6 +257,7 @@ Character string that specifies the name used to authorize the user to a specifi Character string that specifies whether the outgoing server requires authentication. + 1 for TRUE 0 for FALSE(default). diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 308aa06a7c..d9396625f8 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1237,10 +1237,15 @@ A unique GUID string identifier for this dynamic keyword address. Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value shouldn't be set if AutoResolve is true. + Valid tokens include: + A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. @@ -1491,6 +1496,7 @@ Specifies the action for the rule. Specifies the action the rule enforces: + 0 - Block 1 - Allow. @@ -1545,9 +1551,12 @@ Rules that control connections for an app, program or service. Specified based on the intersection of the following nodes. -PackageFamilyName -FilePath -FQBN +PackageFamilyName. + +FilePath. + +FQBN. + ServiceName. @@ -1785,6 +1794,7 @@ Specifies the description of the rule. The rule is enabled based on the traffic direction as following. IN - the rule applies to inbound traffic. + OUT - the rule applies to outbound traffic. If not specified the default is OUT. @@ -1889,6 +1899,7 @@ New rules have the EdgeTraversal property disabled by default. Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. + If not specified - a new rule is disabled by default. @@ -1978,6 +1989,7 @@ Comma separated list of ICMP types and codes applicable to the firewall rule. To String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are "RemoteAccess", "Wireless", "Lan", "MBB", and "All". + If more than one interface type is specified, the strings must be separated by a comma. @@ -2031,12 +2043,17 @@ If more than one interface type is specified, the strings must be separated by a Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "\*" is the default value. + Valid tokens include: + "\*" indicates any local address. If present, this must be the only token included. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. @@ -2078,6 +2095,7 @@ An IPv6 address range in the format of "start address - end address" with no spa Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP). @@ -2119,6 +2137,7 @@ When setting this field in a firewall rule, the protocol field must also be set, Specifies the list of authorized local users for the app container. + This is a string in Security Descriptor Definition Language (SDDL) format\. @@ -2198,7 +2217,7 @@ Specifies the friendly name of the firewall rule. -Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". A PolicyAppId and ServiceName can't be specified in the same rule. +Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule. @@ -2370,7 +2389,9 @@ Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying th Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include: + "\*" indicates any remote address. If present, this must be the only token included. + "Defaultgateway" "DHCP" "DNS" @@ -2380,9 +2401,13 @@ Consists of one or more comma-delimited tokens specifying the remote addresses c "Internet" "PlayToRenderers" "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. + A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. @@ -2424,6 +2449,7 @@ An IPv6 address range in the format of "start address - end address" with no spa Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP). @@ -3117,6 +3143,7 @@ Unique alpha numeric identifier for the rule. The rule name mustn't include a fo Specifies the action the rule enforces: + 0 - Block 1 - Allow. @@ -3170,6 +3197,7 @@ Specifies the action the rule enforces: The rule is enabled based on the traffic direction as following. IN - the rule applies to inbound traffic. + OUT - the rule applies to outbound traffic. If not specified the default is OUT. @@ -3222,6 +3250,7 @@ If not specified the default is OUT. Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. + If not specified - a new rule is disabled by default. @@ -3271,12 +3300,17 @@ If not specified - a new rule is disabled by default. Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "\*" is the default value. + Valid tokens include: + "\*" indicates any local address. If present, this must be the only token included. A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. @@ -3527,10 +3561,15 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include: + "\*" indicates any remote address. If present, this must be the only token included. + A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index dad05ffbd7..21eb2d1b73 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -448,7 +448,7 @@ The allowable settings are: 0=Disabled (password won't be backed up) 1=Backup the password to Azure AD only -2=Backup the password to Active Directory only +2=Backup the password to Active Directory only. If not specified, this setting will default to 0. @@ -502,7 +502,7 @@ If not specified, this setting will default to 0. Use this policy to configure the maximum password age of the managed local administrator account. -If not specified, this setting will default to 30 days +If not specified, this setting will default to 30 days. This setting has a minimum allowed value of 1 day when backing the password to on-premises Active Directory, and 7 days when backing the password to Azure AD. @@ -555,7 +555,7 @@ The allowable settings are: 1=Large letters 2=Large letters + small letters 3=Large letters + small letters + numbers -4=Large letters + small letters + numbers + special characters +4=Large letters + small letters + numbers + special characters. If not specified, this setting will default to 4. diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index a56f1e976a..a325b44c94 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -417,9 +417,9 @@ Root node for PIN policies. Use this policy setting to configure the use of digits in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one digit in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one digit in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. If you don't configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -555,9 +555,9 @@ This policy specifies the number of past PINs that can be stored in the history Use this policy setting to configure the use of lowercase letters in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one lowercase letter in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one lowercase letter in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use lowercase letters in their PIN. @@ -707,9 +707,9 @@ Minimum PIN length configures the minimum number of characters required for the Use this policy setting to configure the use of special characters in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ . -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use special characters in their PIN. @@ -763,9 +763,9 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a Use this policy setting to configure the use of uppercase letters in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one uppercase letter in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one uppercase letter in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use uppercase letters in their PIN. @@ -861,6 +861,7 @@ Boolean that specifies if phone sign-in can be used with a device. Phone sign-in Default value is false. - If you enable this setting, a desktop device will allow a registered, companion device to be used as an authentication factor. + - If you disable this setting, a companion device can't be used in desktop authentication scenarios. @@ -1999,9 +2000,9 @@ Root node for PIN policies. Use this policy setting to configure the use of digits in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one digit in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one digit in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using digits in their PIN. If you don't configure this policy setting, Windows Hello for Business requires users to use digits in their PIN. @@ -2137,9 +2138,9 @@ This policy specifies the number of past PINs that can be stored in the history Use this policy setting to configure the use of lowercase letters in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one lowercase letter in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one lowercase letter in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using lowercase letters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use lowercase letters in their PIN. @@ -2289,9 +2290,9 @@ Minimum PIN length configures the minimum number of characters required for the Use this policy setting to configure the use of special characters in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ . -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using special characters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use special characters in their PIN. @@ -2345,9 +2346,9 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a Use this policy setting to configure the use of uppercase letters in the Windows Hello for Business PIN. -A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one uppercase letter in their PIN. +A value of 1 corresponds to "Required". If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one uppercase letter in their PIN. -A value of 2 corresponds to "Disallow." If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. +A value of 2 corresponds to "Disallow". If you configure this policy setting to 2, Windows Hello for Business prevents users from using uppercase letters in their PIN. If you don't configure this policy setting, Windows Hello for Business doesn't allow users to use uppercase letters in their PIN. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 5e55ec1de2..d110cff6bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppCompat Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -229,7 +229,7 @@ This policy controls the state of the application compatibility engine in the sy The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem. -Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and won't block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.) +Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and won't block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed). The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations won't be applied to applications and their installers and these applications may fail to install or run properly. diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 7fddb59d66..7471be691a 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -41,13 +41,13 @@ ms.topic: reference This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off: -Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies +Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies. -Mandatory user profiles and super-mandatory profiles, which are created by an administrator +Mandatory user profiles and super-mandatory profiles, which are created by an administrator. -Temporary user profiles, which are created when an error prevents the correct profile from loading +Temporary user profiles, which are created when an error prevents the correct profile from loading. -User profiles for the Guest account and members of the Guests group +User profiles for the Guest account and members of the Guests group. - If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile. diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index f4093a84c0..c2c110b8ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_AuditSettings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ This setting only applies when the Audit Process Creation policy is enabled. - If you disable or don't configure this policy setting, the process's command line information won't be included in Audit Process Creation events. -Default: Not configured +Default: Not configured. > [!NOTE] > When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data. diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 18ca7e97f0..6ca32a3a25 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Bits Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -287,7 +287,9 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting doesn't affect transfers from the origin server). + To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. + You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. - If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 3ba5ac3aaf..d847bc2c59 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -178,14 +178,20 @@ Disables all Control Panel programs and the PC settings app. This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users can't start Control Panel or PC settings, or run any of their items. This setting removes Control Panel from: -The Start screen -File Explorer + +The Start screen. + +File Explorer. This setting removes PC settings from: -The Start screen -Settings charm -Account picture -Search results + +The Start screen. + +Settings charm. + +Account picture. + +Search results. If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index b67723e27d..1f95adc480 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1127,6 +1127,7 @@ If this setting is enabled, the background and accent colors of Windows will be Determines whether screen savers used on the computer are password protected. - If you enable this setting, all screen savers are password protected. + - If you disable this setting, password protection can't be set on any screen saver. This setting also disables the "Password protected" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting. @@ -1398,7 +1399,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on > If this setting is enabled and the file isn't available at user logon, the default visual style is loaded. > [!NOTE] -> When running Windows XP, you can select the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles +> When running Windows XP, you can select the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles. > [!NOTE] > To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you can't apply the Windows Classic visual style. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 2f1b2134df..04915e32c2 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredentialProviders Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -163,19 +163,15 @@ This policy setting allows the administrator to assign a specified credential pr -This policy setting allows the administrator to exclude the specified -credential providers from use during authentication. +This policy setting allows the administrator to exclude the specified credential providers from use during authentication. + +Note credential providers are used to process and validate user credentials during logon or when authentication is required. -Note credential providers are used to process and validate user -credentials during logon or when authentication is required. Windows Vista provides two default credential providers: -Password and Smart Card. An administrator can install additional -credential providers for different sets of credentials -(for example, to support biometric authentication). -- If you enable this policy, an administrator can specify the CLSIDs -of the credential providers to exclude from the set of installed -credential providers available for authentication purposes. +Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication). + +- If you enable this policy, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purposes. - If you disable or don't configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes. diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index e1aa6cdef1..746fc85903 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredSsp Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -50,14 +50,18 @@ The policy becomes effective the next time the user signs on to a computer runni - If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. FWlink for KB: + > [!NOTE] > The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. @@ -125,8 +129,11 @@ This policy setting applies when server authentication was achieved via NTLM. > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. @@ -182,7 +189,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all -Encryption Oracle Remediation +Encryption Oracle Remediation. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). @@ -264,9 +271,13 @@ This policy setting applies when server authentication was achieved via a truste > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com -Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com. + +Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. @@ -336,8 +347,11 @@ This policy setting applies when server authentication was achieved via NTLM. > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com. @@ -407,8 +421,11 @@ This policy setting applies when server authentication was achieved via a truste > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com. @@ -478,8 +495,11 @@ This policy setting applies when server authentication was achieved via NTLM. > The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. + TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com. @@ -545,9 +565,12 @@ This policy setting applies to applications using the Cred SSP component (for ex > The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. -TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list. @@ -614,9 +637,12 @@ This policy setting applies to applications using the Cred SSP component (for ex > The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. -TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list. @@ -683,9 +709,12 @@ This policy setting applies to applications using the Cred SSP component (for ex > The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: -TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine + +TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. + TERMSRV/* Remote Desktop Session Host running on all machines. -TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com. This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list. @@ -745,7 +774,8 @@ This policy setting can be used in combination with the "Allow delegating saved When running in Restricted Admin or Remote Credential Guard mode, participating apps don't expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials aren't delegated. Remote Credential Guard doesn't limit access to resources because it redirects all requests back to the client device. Participating apps: -Remote Desktop Client + +Remote Desktop Client. - If you enable this policy setting, the following options are supported: diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 5c2b83f315..e5cf956edd 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Desktop Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,7 +45,7 @@ Displays the filter bar above the results of an Active Directory search. The fil - If you disable this setting or don't configure it, the filter bar doesn't appear, but users can display it by selecting "Filter" on the "View" menu. -To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar doesn't appear above the resulting display, on the View menu, click Filter. +To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator". If the filter bar doesn't appear above the resulting display, on the View menu, click Filter. @@ -838,7 +838,9 @@ This policy setting hides the Properties menu command on the shortcut menu for t - If you enable this policy setting, the Properties menu command won't be displayed when the user does any of the following: Right-clicks the My Documents icon. + Clicks the My Documents icon, and then opens the File menu. + Clicks the My Documents icon, and then presses ALT+ENTER. - If you disable or don't configure this policy setting, the Properties menu command is displayed. @@ -1563,7 +1565,7 @@ If you enable this setting, users can't add or remove toolbars from the desktop. > If users have added or removed toolbars, this setting prevents them from restoring the default configuration. > [!TIP] -> To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars." +> To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars". Also, see the "Prohibit adjusting desktop toolbars" setting. diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 61e0d5e8c7..b1348a061e 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceGuard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -41,7 +41,7 @@ ms.topic: reference -Deploy Windows Defender Application Control +Deploy Windows Defender Application Control. This policy setting lets you deploy a Code Integrity Policy to a machine to control what's allowed to run on that machine. diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index ffc46e0daf..d8e4b5055e 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskQuota Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -53,7 +53,7 @@ To prevent users from changing the setting while a setting is in effect, the sys > This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. > [!NOTE] -> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management." +> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management". @@ -111,6 +111,7 @@ To prevent users from changing the setting while a setting is in effect, the sys This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. - If you enable this policy setting, disk quota limits are enforced. + - If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators can't make changes while the setting is in effect. - If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. @@ -245,6 +246,7 @@ This policy setting is effective only when disk quota management is enabled on t This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting. - If you enable this policy setting, the system records an event when the user reaches their limit. + - If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. - If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. @@ -312,6 +314,7 @@ Also, this policy setting doesn't affect the Quota Entries window on the Quota t This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume. - If you enable this policy setting, the system records an event. + - If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect. - If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index a05adfaa5a..f6c0d4debc 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DnsClient Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -100,11 +100,11 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails. -A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot. +A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com" is an example of a fully qualified name because it contains a terminating dot. For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list. -If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.corp.contoso.com." second if the first query fails. +If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.corp.contoso.com" second if the first query fails. - If you enable this policy setting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails. @@ -990,9 +990,9 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. -An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com." +An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com". -Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com." +Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com". To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes. @@ -1239,7 +1239,7 @@ Only secure - computers send only secure dynamic updates. -Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com." +Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com". By default, a DNS client that's configured to perform dynamic DNS update will update the DNS zone that's authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 8c8777e9ed..b0d3994734 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ErrorReporting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -169,7 +169,7 @@ To create a list of applications for which Windows Error Reporting never reports - If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors. -If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.) +If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category). - If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence. diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 3270f35b6e..b510d5bbff 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventForwarding Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -104,6 +104,7 @@ This policy setting allows you to configure the server address, refresh interval - If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. Use the following syntax when using the HTTPS protocol: + Server=https://``:5986/wsman/SubscriptionManager/WEC,Refresh=``,IssuerCA=``. When using the HTTP protocol, use port 5985. - If you disable or don't configure this policy setting, the Event Collector computer won't be specified. diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index bd89712c67..bf73c35e40 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileRevocation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,7 +42,8 @@ ms.topic: reference Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that's protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example value: -Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy + +Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy. - If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index e8e81ba85c..9e086acb53 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileSys Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -99,6 +99,7 @@ A reboot is required for this setting to take effect. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. A value of 0, the default, will enable delete notifications for all volumes. + A value of 1 will disable delete notifications for all volumes. @@ -379,12 +380,15 @@ If you enable short names on all volumes then short names will always be generat Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: -Local Link to a Local Target -Local Link to a Remote Target -Remote Link to Remote Target -Remote Link to Local Target +Local Link to a Local Target. -For further information please refer to the Windows Help section +Local Link to a Remote Target. + +Remote Link to Remote Target. + +Remote Link to Local Target. + +For further information please refer to the Windows Help section. > [!NOTE] > If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated. diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 70fc0069ba..07132d5d80 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Globalization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -111,7 +111,9 @@ The policy setting "Restrict user locales" can also be enabled to disallow selec - If you disable or don't configure this policy setting, the user can select a custom locale as their user locale. - If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. + - If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. + - If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting. @@ -180,7 +182,9 @@ The policy setting "Restrict user locales" can also be enabled to disallow selec - If you disable or don't configure this policy setting, the user can select a custom locale as their user locale. - If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. + - If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. + - If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting. @@ -713,7 +717,9 @@ The locale list is specified using language tags, separated by a semicolon (;). - If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. - If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. + - If this policy setting is disabled at the computer level, the per-user policy is ignored. + - If this policy setting isn't configured at the computer level, restrictions are based on per-user policies. @@ -780,7 +786,9 @@ The locale list is specified using language tags, separated by a semicolon (;). - If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. - If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. + - If this policy setting is disabled at the computer level, the per-user policy is ignored. + - If this policy setting isn't configured at the computer level, restrictions are based on per-user policies. @@ -965,7 +973,9 @@ This policy setting prevents users from changing their user geographical locatio - If you disable or don't configure this policy setting, users may select any GeoID. - If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. + - If you disable this policy setting at the computer level, the per-user policy is ignored. + - If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured. @@ -1030,7 +1040,9 @@ This policy setting prevents users from changing their user geographical locatio - If you disable or don't configure this policy setting, users may select any GeoID. - If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. + - If you disable this policy setting at the computer level, the per-user policy is ignored. + - If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured. @@ -1097,7 +1109,9 @@ When this policy setting is enabled, users can still choose alternate locales in - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. - If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. + - If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. + - If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured. @@ -1164,7 +1178,9 @@ When this policy setting is enabled, users can still choose alternate locales in - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. - If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. + - If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. + - If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured. diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 58f02f82ae..e1d7e4f64b 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_GroupPolicy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -23,7 +23,7 @@ ms.topic: reference -##### AllowX/ForestPolicy/and/RUP +2 AllowX/ForestPolicy/and/RUP | Scope | Editions | Applicable OS | @@ -45,10 +45,13 @@ This policy setting affects all user accounts that interactively log on to a com - If you don't configure this policy setting: - - No user-based policy settings are applied from the user's forest. - - Users don't receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. - - Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. - - An event log message (1109) is posted, stating that loopback was invoked in Replace mode. +- No user-based policy settings are applied from the user's forest. + +- Users don't receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. + +- Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. + +- An event log message (1109) is posted, stating that loopback was invoked in Replace mode. - If you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest. @@ -172,6 +175,7 @@ This policy setting affects all policy settings that use the software installati This policy setting overrides customized settings that the program implementing the software installation policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -237,6 +241,7 @@ This policy setting affects all policies that use the disk quota component of Gr This policy setting overrides customized settings that the program implementing the disk quota policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -304,6 +309,7 @@ This policy setting affects all policies that use the encryption component of Gr It overrides customized settings that the program implementing the encryption policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -371,6 +377,7 @@ This policy setting affects all policies that use the folder redirection compone This policy setting overrides customized settings that the program implementing the folder redirection policy setting set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -436,6 +443,7 @@ This policy setting affects all policies that use the Internet Explorer Maintena This policy setting overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -503,6 +511,7 @@ This policy setting affects all policies that use the IP security component of G This policy setting overrides customized settings that the program implementing the IP security policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -568,6 +577,7 @@ This policy setting determines when registry policies are updated. This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. @@ -631,6 +641,7 @@ This policy setting determines when policies that assign shared scripts are upda This policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. @@ -698,6 +709,7 @@ This policy setting affects all policies that use the security component of Grou This policy setting overrides customized settings that the program implementing the security policy set when it was installed. - If you enable this policy setting, you can use the check boxes provided to change the options. + - If you disable or don't configure this policy setting, it has no effect on the system. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user logon or system restart. @@ -904,7 +916,7 @@ By default, interactively logged-on users can view their own Resultant Set of Po > This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. > [!NOTE] -> To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc +> To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc. > [!NOTE] > This policy setting exists as both a User Configuration and Computer Configuration setting. @@ -976,7 +988,7 @@ By default, interactively logged-on users can view their own Resultant Set of Po > This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data. > [!NOTE] -> To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc +> To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc. > [!NOTE] > This policy setting exists as both a User Configuration and Computer Configuration setting. @@ -1411,13 +1423,13 @@ This policy setting determines whether the Windows device is allowed to particip This policy setting allows you to configure Group Policy caching behavior. -- If you enable or don't configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +- If you enable or don't configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior). The slow link value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. -- If you disable this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +- If you disable this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior). @@ -1474,10 +1486,13 @@ The timeout value that's defined in this policy setting determines how long Grou This policy setting allows you to configure Group Policy caching behavior on Windows Server machines. -- If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) +- If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior). + The slow link value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. + The timeout value that's defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. -- If you disable or don't configure this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior.) + +- If you disable or don't configure this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the "Configure Group Policy Slow Link Detection" policy setting to configure asynchronous foreground behavior). @@ -1602,7 +1617,7 @@ A Group Policy administration (.adm) file can contain both true settings and pre - If you disable or don't configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command. > [!NOTE] -> To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to "View." +> To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to "View". In Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon. @@ -1726,7 +1741,7 @@ This policy setting determines which domain controller the Group Policy Object E - If you disable this setting or don't configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. > [!NOTE] -> To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters." +> To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters". @@ -2394,7 +2409,7 @@ This leads to the following behavior: This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a number of security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are: PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001) -Enables data execution prevention (DEP) for the child process +Enables data execution prevention (DEP) for the child process. PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002) Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer. @@ -2410,6 +2425,7 @@ PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address. For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of: + ???????????????0???????1???????1 Setting flags not specified here to any value other than ? results in undefined behavior. @@ -2652,13 +2668,15 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected. - If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner. -Client computers won't wait for the network to be fully initialized at startup and logon. Existing users will be logged-on using cached credentials, -which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available. -Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection -and Drive Maps preference extension won't be applied. + +Client computers won't wait for the network to be fully initialized at startup and logon. Existing users will be logged-on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available. + +Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection and Drive Maps preference extension won't be applied. Note There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled: + 1 - At the first computer startup after the client computer has joined the domain. + 2 - If the policy setting "Always wait for the network at computer startup and logon" is enabled. - If you disable or don't configure this policy setting, detecting a slow network connection won't affect whether Group Policy processing will be synchronous or asynchronous. diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 8b83fbf9b0..d9bba74952 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ICM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -850,7 +850,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa This policy setting allows you to remove access to Windows Update. -- If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at , from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. +- If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at , from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you'll neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. - If you disable or don't configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update. diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index eabc93b5ad..b886cd2b1a 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_IIS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,7 +42,8 @@ ms.topic: reference "This policy setting prevents installation of Internet Information Services (IIS) on this computer. - If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you won't be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. Enabling this setting won't have any effect on IIS if IIS is already installed on the computer. -- If you disable or don't configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." + +- If you disable or don't configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run". diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 7c67c906a2..e31c39dc28 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_kdc Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -52,13 +52,15 @@ If you configure the "Not supported" option, the domain controller doesn't suppo If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. -Domain functional level requirements +Domain functional level requirements. + For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected. When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and: - - If you set the "Always provide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST). - - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. +- If you set the "Always provide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST). + +- If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. > [!WARNING] > When "Fail unarmored authentication requests" is set, then client computers which don't support Kerberos armoring will fail to authenticate to the domain controller. @@ -67,9 +69,11 @@ To ensure this feature is effective, deploy enough domain controllers that suppo Impact on domain controller performance when this policy setting is enabled: - - Secure Kerberos domain capability discovery is required resulting in additional message exchanges. - - Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. - - Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but doesn't change the service ticket size. +- Secure Kerberos domain capability discovery is required resulting in additional message exchanges. + +- Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. + +- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but doesn't change the service ticket size. diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 3a2249f9ea..51dfef0089 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Kerberos Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -112,6 +112,7 @@ Automatic: Device will attempt to authenticate using its certificate. If the DC Force: Device will always authenticate using its certificate. If a DC can't be found which support computer account authentication using certificates then authentication will fail. - If you disable this policy setting, certificates will never be used. + - If you don't configure this policy setting, Automatic will be used. @@ -423,6 +424,7 @@ Automatic: Compound authentication is provided for this computer account when on Always: Compound authentication is always provided for this computer account. - If you disable this policy setting, Never will be used. + - If you don't configure this policy setting, Automatic will be used. diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 33edf55abc..b47f82b91f 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,14 +47,17 @@ If you enable this policy setting and don't specify at least one supported ciphe SMB 3.11 cipher suites: -AES_128_GCM -AES_128_CCM -AES_256_GCM -AES_256_CCM +AES_128_GCM. + +AES_128_CCM. + +AES_256_GCM. + +AES_256_CCM. SMB 3.0 and 3.02 cipher suites: -AES_128_CCM +AES_128_CCM. How to modify this setting: @@ -117,7 +120,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that's stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. -Policy configuration +Policy configuration. Select one of the following: @@ -191,7 +194,7 @@ This policy setting specifies whether the BranchCache hash generation service su If you specify only one version that's supported, content information for that version is the only type that's generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. -Policy configuration +Policy configuration. Select one of the following: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 8d1cb9b196..f8be5837ce 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanWorkstation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,14 +47,17 @@ If you enable this policy setting and don't specify at least one supported ciphe SMB 3.11 cipher suites: -AES_128_GCM -AES_128_CCM -AES_256_GCM -AES_256_CCM +AES_128_GCM. + +AES_128_CCM. + +AES_256_GCM. + +AES_256_CCM. SMB 3.0 and 3.02 cipher suites: -AES_128_CCM +AES_128_CCM. How to modify this setting: diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index f7be07c69a..772b105ff4 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_LeakDiagnostic Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,8 +47,9 @@ This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses This policy setting takes effect only under the following conditions: - - If the diagnostics-wide scenario execution policy isn't configured. - - When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. +- If the diagnostics-wide scenario execution policy isn't configured. + +- When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. > [!NOTE] > The DPS can be configured with the Services snap-in to the Microsoft Management Console. diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 17891ec45a..398ad547da 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Logon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -101,6 +101,7 @@ This policy prevents the user from showing account details (email address or use This policy setting disables the acrylic blur effect on logon background image. - If you enable this policy, the logon background image shows without blur. + - If you disable or don't configure this policy, the logon background image adopts the acrylic blur effect. @@ -560,7 +561,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen. +> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started". To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen. @@ -629,7 +630,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen. +> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started". To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen. @@ -826,15 +827,17 @@ On servers running Windows Server 2008 or later, this policy setting is ignored If the server is configured as follows, this policy setting takes effect during Group Policy processing at user logon: - - The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and - - The "Allow asynchronous user Group Policy processing when logging on through Terminal Services" policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Policy\. +- The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and +- The "Allow asynchronous user Group Policy processing when logging on through Terminal Services" policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Policy\. If this configuration isn't implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized during user logon). - If you disable or don't configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that's configured as described earlier, the computer typically doesn't wait for the network to be fully initialized. In this case, users are logged-on with cached credentials. Group Policy is applied asynchronously in the background. Note + -If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. + -If Folder Redirection policy will apply during the next logon, security policies will be applied asynchronously during the next update cycle, if network connectivity is available. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 1684e792d2..461ddc2f70 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -166,12 +166,15 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off. Disabled (Default): + Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance. Enabled: + Microsoft Defender won't exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios. Not configured: + Same as Disabled. @@ -228,13 +231,19 @@ Same as Disabled. This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device. + Enabled - The Block at First Sight setting is turned on. + Disabled - The Block at First Sight setting is turned off. This feature requires these Group Policy settings to be set as follows: + MAPS -> The "Join Microsoft MAPS" must be enabled or the "Block at First Sight" feature won't function. + MAPS -> The "Send file samples when further analysis is required" should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature won't function. + Real-time Protection -> The "Scan all downloaded files and attachments" policy must be enabled or the "Block at First Sight" feature won't function. + Real-time Protection -> Don't enable the "Turn off real-time protection" policy or the "Block at First Sight" feature won't function. @@ -649,16 +658,20 @@ This policy setting allows you to disable real-time scanning for any file opened Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: + Specify the folders or files and resources that should be excluded from ASR rules in the Options section. + Enter each rule on a new line as a name-value pair: - - Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder - - Value column: Enter "0" for each item +- Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder +- Value column: Enter "0" for each item. Disabled: + No exclusions will be applied to the ASR rules. Not configured: + Same as Disabled. You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting. @@ -720,30 +733,33 @@ Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: - - Block: the rule will be applied - - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) - - Off: the rule won't be applied - - Not Configured: the rule is enabled with default values - - Warn: the rule will be applied and the end-user will have the option to bypass the block +- Block: the rule will be applied +- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) +- Off: the rule won't be applied +- Not Configured: the rule is enabled with default values +- Warn: the rule will be applied and the end-user will have the option to bypass the block. Unless the ASR rule is disabled, a subsample of audit events are collected for ASR rules with the value of not configured. Enabled: + Specify the state for each ASR rule under the Options section for this setting. + Enter each rule on a new line as a name-value pair: - - Name column: Enter a valid ASR rule ID - - Value column: Enter the status ID that relates to state you want to specify for the associated rule +- Name column: Enter a valid ASR rule ID +- Value column: Enter the status ID that relates to state you want to specify for the associated rule. The following status IDs are permitted under the value column: - - 1 (Block) - - 0 (Off) - - 2 (Audit) - - 5 (Not Configured) - - 6 (Warn) +- 1 (Block) +- 0 (Off) +- 2 (Audit) +- 5 (Not Configured) +- 6 (Warn) Example: + xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx @@ -752,9 +768,11 @@ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2 Disabled: + No ASR rules will be configured. Not configured: + Same as Disabled. You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting. @@ -819,12 +837,15 @@ These applications are allowed to modify or delete files in controlled folder ac Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications. Enabled: + Specify additional allowed applications in the Options section.. Disabled: + No additional applications will be added to the trusted list. Not configured: + Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. @@ -889,15 +910,19 @@ Specify additional folders that should be guarded by the Controlled folder acces Files in these folders can't be modified or deleted by untrusted applications. Default system folders are automatically protected. You can configure this setting to add additional folders. + The list of default system folders that are protected is shown in Windows Security. Enabled: + Specify additional folders that should be protected in the Options section. Disabled: + No additional folders will be protected. Not configured: + Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. @@ -960,12 +985,15 @@ Microsoft Defender Antivirus automatically determines which applications can be Enable or disable file hash computation feature. Enabled: + When this feature is enabled Microsoft Defender will compute hash value for files it scans. Disabled: -File hash value isn't computed + +File hash value isn't computed. Not configured: + Same as Disabled. @@ -1258,9 +1286,9 @@ This policy setting defines the URL of a proxy .pac file that should be used whe 2. Proxy .pac URL (if specified) 3. None -4. Internet Explorer proxy settings +4. Internet Explorer proxy settings. -5. Autodetect +5. Autodetect. - If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above. @@ -1324,9 +1352,9 @@ This policy setting allows you to configure the named proxy that should be used 2. Proxy .pac URL (if specified) 3. None -4. Internet Explorer proxy settings +4. Internet Explorer proxy settings. -5. Autodetect +5. Autodetect. - If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either https:// or https://. @@ -2280,15 +2308,8 @@ This policy setting configures a local override for the configuration of the tim This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all. This setting can be configured with the following ordinal number values: -(0x0) Every Day -(0x1) Sunday -(0x2) Monday -(0x3) Tuesday -(0x4) Wednesday -(0x5) Thursday -(0x6) Friday -(0x7) Saturday -(0x8) Never (default) + +(0x0) Every Day (0x1) Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) - If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. @@ -2802,7 +2823,9 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). + Tracing levels are defined as: + 1 - Error 2 - Warning 3 - Info @@ -4155,15 +4178,8 @@ This policy setting allows you to configure scheduled scans to start only when y This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all. This setting can be configured with the following ordinal number values: -(0x0) Every Day -(0x1) Sunday -(0x2) Monday -(0x3) Tuesday -(0x4) Wednesday -(0x5) Thursday -(0x6) Friday -(0x7) Saturday -(0x8) Never (default) + +(0x0) Every Day (0x1) Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) - If you enable this setting, a scheduled scan will run at the frequency specified. @@ -4693,7 +4709,7 @@ This policy setting allows you to configure security intelligence updates on sta -This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares" +This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares". For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` @@ -4874,15 +4890,9 @@ This policy setting allows you to enable real-time security intelligence updates This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all. This setting can be configured with the following ordinal number values: + (0x0) Every Day (default) -(0x1) Sunday -(0x2) Monday -(0x3) Tuesday -(0x4) Wednesday -(0x5) Thursday -(0x6) Friday -(0x7) Saturday -(0x8) Never +(0x1) Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never. - If you enable this setting, the check for security intelligence updates will occur at the frequency specified. @@ -5297,15 +5307,15 @@ This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the onl You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you. Possible options are: + (0x0) Disabled (default) -(0x1) Basic membership -(0x2) Advanced membership +(0x1) Basic membership (0x2) Advanced membership. Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful. Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer. -- If you enable this setting, you will join Microsoft MAPS with the membership specified. +- If you enable this setting, you'll join Microsoft MAPS with the membership specified. - If you disable or don't configure this setting, you won't join Microsoft MAPS. @@ -5367,6 +5377,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to This policy setting customize which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. Valid remediation action values are: + 2 = Quarantine 3 = Remove 6 = Ignore. @@ -5483,6 +5494,7 @@ This policy setting allows you to configure whether or not to display additional Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients. + - If you disable or don't configure this setting, Microsoft Defender Antivirus notifications will display on clients. - If you enable this setting, Microsoft Defender Antivirus notifications won't display on clients. @@ -5602,6 +5614,7 @@ If you enable this setting AM UI won't show reboot notifications. This policy setting allows you to configure whether or not to display AM UI to the users. + If you enable this setting AM UI won't be available to users. diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index b5fa5e65bd..37c2d9166e 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MMCSnapins Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -48,9 +48,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -117,9 +119,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -186,9 +190,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -255,9 +261,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -324,9 +332,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -393,9 +403,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -462,9 +474,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -531,9 +545,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -600,9 +616,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -669,9 +687,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -738,9 +758,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -807,9 +829,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -876,9 +900,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -945,9 +971,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1014,9 +1042,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1083,9 +1113,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1152,9 +1184,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1221,9 +1255,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1290,9 +1326,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1359,9 +1397,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1428,9 +1468,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1497,9 +1539,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1566,9 +1610,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1635,9 +1681,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1704,9 +1752,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1773,9 +1823,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1842,9 +1894,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1911,9 +1965,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1980,9 +2036,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2049,9 +2107,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2118,9 +2178,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2187,9 +2249,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2256,9 +2320,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2325,9 +2391,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2394,9 +2462,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2463,9 +2533,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2601,9 +2673,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2670,9 +2744,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2739,9 +2815,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2808,9 +2886,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2877,9 +2957,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2946,9 +3028,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3015,9 +3099,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3084,9 +3170,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3153,9 +3241,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3222,9 +3312,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3291,9 +3383,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3360,9 +3454,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3429,9 +3525,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3498,9 +3596,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3567,9 +3667,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3636,9 +3738,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3705,9 +3809,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3774,9 +3880,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3843,9 +3951,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3912,9 +4022,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3981,9 +4093,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4050,9 +4164,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4119,9 +4235,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4188,9 +4306,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4257,9 +4377,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4326,9 +4448,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4395,9 +4519,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4464,9 +4590,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4533,9 +4661,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4602,9 +4732,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4671,9 +4803,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4740,9 +4874,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4809,9 +4945,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4878,9 +5016,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4947,9 +5087,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5016,9 +5158,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5085,9 +5229,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5154,9 +5300,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5223,9 +5371,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5292,9 +5442,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5361,9 +5513,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5430,9 +5584,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5499,9 +5655,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5568,9 +5726,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5637,9 +5797,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5706,9 +5868,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5775,9 +5939,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5844,9 +6010,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5913,9 +6081,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5982,9 +6152,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6051,9 +6223,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6120,9 +6294,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6189,9 +6365,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6258,9 +6436,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6327,9 +6507,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6396,9 +6578,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6465,9 +6649,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6534,9 +6720,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6603,9 +6791,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6672,9 +6862,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6741,9 +6933,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6810,9 +7004,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6879,9 +7075,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6948,9 +7146,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7017,9 +7217,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7086,9 +7288,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -7155,9 +7359,11 @@ This policy setting permits or prohibits the use of this snap-in. - If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. + - If this policy setting isn't configured or disabled, this snap-in is prohibited. - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. + - If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index 9de24482ba..2be7fd3549 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSAPolicy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,9 +42,13 @@ ms.topic: reference This setting controls whether users can provide Microsoft accounts for authentication for applications or services. - If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. + This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires. + It's recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. + - If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication. + By default, this setting is Disabled. This setting doesn't affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications. diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index f0e2bda261..a422431082 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_msched Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -41,7 +41,7 @@ ms.topic: reference This policy setting allows you to configure Automatic Maintenance activation boundary. -The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts +The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts. - If you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel. diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index f59500cda3..c8e0918d6f 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -914,7 +914,7 @@ This policy setting should be used if you need to maintain a tight control over - If you enable this policy setting, updates can't be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that's no longer applicable to the product. -- If you disable or don't configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context." +- If you disable or don't configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context". @@ -1091,9 +1091,11 @@ This policy setting causes the Windows Installer to enforce strict rules for com - If you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following: (1) Remove a component from a feature. + This can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component. (2) Add a new feature to the top or middle of an existing feature tree. + The new feature must be added as a new leaf feature to an existing feature tree. - If you disable or don't configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades. @@ -1280,7 +1282,7 @@ When you enable this policy setting, you can specify the types of events you wan To disable logging, delete all of the letters from the box. -If you disable or don't configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap." +If you disable or don't configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap". diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index be96a03888..b94826a3c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_nca Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,11 +45,11 @@ Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is "PING:" followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. -Note +Note. We recommend that you use FQDNs instead of IPv6 addresses wherever possible. -Important +Important. At least one of the entries must be a PING: resource. @@ -289,7 +289,8 @@ The ability to disconnect allows users to specify single-label, unqualified name To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. -Note +Note. + If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. If this setting isn't configured, users don't have Connect or Disconnect options. diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 4b36e599a7..13d24d1bfc 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Netlogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,9 @@ Domain controllers use the client IP address during a DC locator ping request to The allowable values for this setting result in the following behaviors: 0 - DCs will never perform address lookups. + 1 - DCs will perform an exhaustive address lookup to discover additional client IP addresses. + 2 - DCs will perform a fast, DNS-only address lookup to discover additional client IP addresses. To specify this behavior in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2. @@ -1789,6 +1791,7 @@ When an environment has a large number of DCs running both old and new operating The allowable values for this setting result in the following behaviors: 1 - Computers will ping DCs at the normal frequency. + 2 - Computers will ping DCs at the higher frequency. To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2. diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 74731224b1..8eb1fd9ec5 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_NetworkConnections Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -326,7 +326,7 @@ To create an all-user remote access connection, on the Connection Availability p - If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection. -- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.) +- If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting). > [!IMPORTANT] > If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. @@ -402,7 +402,7 @@ Determines whether users can delete remote access connections. > [!IMPORTANT] > If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers. -- If you disable this setting or don't configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.) +- If you disable this setting or don't configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting). > [!IMPORTANT] > When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users can't delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored. @@ -1147,6 +1147,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w > [!NOTE] > This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. + - If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users. > [!NOTE] @@ -1427,7 +1428,7 @@ To create an all-user connection, on the Connection Availability page in the New - If you don't configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections. > [!NOTE] -> This setting doesn't apply to Administrators +> This setting doesn't apply to Administrators. > [!NOTE] > When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting doesn't apply. @@ -1564,7 +1565,7 @@ Determines whether nonadministrators can rename a LAN connection. - If you disable this setting, the Rename option is disabled for nonadministrators only. -- If you don't configure this setting, only Administrators and Network Configuration Operators can rename LAN connections +- If you don't configure this setting, only Administrators and Network Configuration Operators can rename LAN connections. > [!NOTE] > This setting doesn't apply to Administrators. @@ -1698,7 +1699,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal - If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) +- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional). By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 3bf4a9faf6..56b4c9a621 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_OfflineFiles Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -878,7 +878,7 @@ This policy setting enables administrators to block certain file types from bein Lists types of files that can't be used offline. -This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline." +This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline". This setting is designed to protect files that can't be separated, such as database components. @@ -1094,7 +1094,7 @@ This setting doesn't prevent users from working offline or from saving local cop This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files." +> To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files". @@ -1158,7 +1158,7 @@ This setting doesn't prevent users from working offline or from saving local cop This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. > [!TIP] -> To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files." +> To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files". @@ -1485,7 +1485,7 @@ This policy setting appears in the Computer Configuration and User Configuration The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. +This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching". It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. @@ -1555,7 +1555,7 @@ This policy setting appears in the Computer Configuration and User Configuration The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. +This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching". It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. @@ -1621,7 +1621,7 @@ If you disable the setting, the system displays the reminder balloons and preven If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. -To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab +To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -1691,7 +1691,7 @@ If you disable the setting, the system displays the reminder balloons and preven If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting. -To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab +To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index bcc762bc18..c7a0b84a44 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PeerToPeerCaching Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -41,13 +41,13 @@ ms.topic: reference This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: -- Set BranchCache Distributed Cache mode +- Set BranchCache Distributed Cache mode. -- Set BranchCache Hosted Cache mode +- Set BranchCache Hosted Cache mode. -- Configure Hosted Cache Servers +- Configure Hosted Cache Servers. -Policy configuration +Policy configuration. Select one of the following: @@ -116,7 +116,7 @@ This policy setting specifies whether BranchCache distributed cache mode is enab In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office. -Policy configuration +Policy configuration. Select one of the following: @@ -185,7 +185,7 @@ This policy setting specifies whether BranchCache hosted cache mode is enabled o When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that's located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. -Policy configuration +Policy configuration. Select one of the following: @@ -271,7 +271,7 @@ This policy setting can only be applied to client computers that are running at If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point. -Policy configuration +Policy configuration. Select one of the following: @@ -338,17 +338,17 @@ This policy setting specifies whether client computers are configured to use hos - If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. -This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that's configured in the policy setting "Set BranchCache Hosted Cache Mode." +This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that's configured in the policy setting "Set BranchCache Hosted Cache Mode". - If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. -Policy configuration +Policy configuration. Select one of the following: - Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. -- Enabled. With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers." +- Enabled. With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers". - Disabled. With this selection, this policy isn't applied to client computers. @@ -410,7 +410,7 @@ In circumstances where this setting is enabled, you can also select and configur This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. -Policy configuration +Policy configuration. Select one of the following: @@ -482,7 +482,7 @@ This policy setting specifies the default percentage of total disk space that's - If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer. -Policy configuration +Policy configuration. Select one of the following: @@ -556,7 +556,7 @@ This policy setting specifies the default age in days for which segments are val - If you disable or don't configure this policy setting, the age is set to 28 days. -Policy configuration +Policy configuration. Select one of the following: @@ -624,11 +624,11 @@ In circumstances where this setting is enabled, you can also select and configur This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers don't use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. -- If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." +- If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions". - If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system. -Policy configuration +Policy configuration. Select one of the following: @@ -640,7 +640,7 @@ Select one of the following: In circumstances where this setting is enabled, you can also select and configure the following option: -Select from the following versions +Select from the following versions. - Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Windows run the version of BranchCache that's included in these operating systems rather than later versions of BranchCache. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 1aed06c040..70d0eda39d 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Power Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -165,7 +165,7 @@ This policy setting specifies the action that Windows takes when a user presses -Sleep -Hibernate --Shut down +-Shut down. - If you disable this policy or don't configure this policy setting, users control this setting. @@ -522,7 +522,7 @@ This policy setting specifies the action that Windows takes when battery capacit -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you disable or don't configure this policy setting, users control this setting. @@ -585,7 +585,7 @@ This policy setting specifies the action that Windows takes when battery capacit -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you disable or don't configure this policy setting, users control this setting. @@ -948,7 +948,7 @@ This policy setting specifies the action that Windows takes when a user presses -Sleep -Hibernate --Shut down +-Shut down. - If you disable this policy or don't configure this policy setting, users control this setting. diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index e251901957..1fe9516c0a 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_PowerShellExecutionPolicy Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -126,9 +126,9 @@ The "Allow all scripts" policy setting allows all scripts to run. - If you disable this policy setting, no scripts are allowed to run. > [!NOTE] -> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." +> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration". -- If you disable or don't configure this policy setting, it reverts to a per-machine preference setting; the default if that isn't configured is "No scripts allowed." +- If you disable or don't configure this policy setting, it reverts to a per-machine preference setting; the default if that isn't configured is "No scripts allowed". @@ -189,16 +189,11 @@ The "Allow all scripts" policy setting allows all scripts to run. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. -- If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other -applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents -directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent -to calling the Start-Transcript cmdlet on each Windows PowerShell session. +- If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. -- If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled -through the Start-Transcript cmdlet. +- If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled through the Start-Transcript cmdlet. -If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users -from viewing the transcripts of other users or computers. +If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from viewing the transcripts of other users or computers. > [!NOTE] > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index fee31ca2ce..8080b412ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Printing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -116,7 +116,9 @@ Not all applications support driver isolation. By default, Microsoft Excel 2007, Note: -This policy setting applies only to applications opted into isolation. + -This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler aren't affected. + -This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect. @@ -179,7 +181,7 @@ By default, the Printers folder includes a link to the Microsoft Support Web pag - If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder. > [!NOTE] -> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.") +> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders"). Also, see the "Activate Internet printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers. @@ -238,11 +240,12 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt -- If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.) +- If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network). - If this policy setting is disabled, the network scan page won't be displayed. - If this policy setting isn't configured, the Add Printer wizard will display the default number of printers of each type: + Directory printers: 20 TCP/IP printers: 0 Web Services printers: 0 @@ -319,6 +322,7 @@ This policy setting allows you to manage where client computers search for Point - If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it's unable to find a compatible driver, then the Point and Print connection will fail. This policy setting isn't configured by default, and the behavior depends on the version of Windows that you are using. + By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior. @@ -573,7 +577,7 @@ If you enable this setting and type an Internet or intranet address in the text This setting makes it easy for users to find the printers you want them to add. -Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers." +Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers". @@ -873,11 +877,12 @@ This setting doesn't prevent users from running other programs to delete a print -This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer isn't able to reach a domain controller, e.g. a domain-joined laptop on a home network.) +This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer isn't able to reach a domain controller, e.g. a domain-joined laptop on a home network). - If this setting is disabled, the network scan page won't be displayed. If this setting isn't configured, the Add Printer wizard will display the default number of printers of each type: + TCP/IP printers: 50 Web Services printers: 50 Bluetooth printers: 10 @@ -1321,7 +1326,9 @@ This policy setting determines whether the print spooler will execute print driv Note: -Other system or driver policy settings may alter the process in which a print driver is executed. + -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected. + -This policy setting takes effect without restarting the print spooler service. @@ -1386,7 +1393,9 @@ This policy setting determines whether the print spooler will override the Drive Note: -Other system or driver policy settings may alter the process in which a print driver is executed. + -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected. + -This policy setting takes effect without restarting the print spooler service. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 18f786321f..e08ad665f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Reliability Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -236,9 +236,9 @@ The Shutdown Event Tracker can be displayed when you shut down a workstation or - If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. -- If you enable this policy setting and choose "Server Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running Windows Server. (See "Supported on" for supported versions.) +- If you enable this policy setting and choose "Server Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running Windows Server. (See "Supported on" for supported versions). -- If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions.) +- If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions). - If you disable this policy setting, the Shutdown Event Tracker isn't displayed when you shut down the computer. diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 9fedc83d9d..1c36430a8b 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -109,14 +109,14 @@ For example: "Turn off background" will include the following optimizations: -No full window drag --Turn off background +-Turn off background. "Full optimization" will include the following optimizations: -Use 16-bit color (8-bit color in Windows Vista) -Turn off font smoothing (not supported in Windows Vista) -No full window drag --Turn off background +-Turn off background. - If you enable this policy setting, bandwidth optimization occurs at the level specified. diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index d3d244b264..9dd1fd7618 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemovableStorage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1232,7 +1232,7 @@ This policy setting denies write access to removable disks. - If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!NOTE] -> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." +> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives". diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 659311557d..b00d4f7d27 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_sdiageng Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -39,7 +39,7 @@ ms.topic: reference -This policy setting allows users who are connected to the Internet to access and search troubleshooting content that's hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they're prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" +This policy setting allows users who are connected to the Internet to access and search troubleshooting content that's hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they're prompted by a message that states, "Do you want the most up-to-date troubleshooting content?". - If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that's hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 8e864a9933..f662948db4 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_ServerManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -230,6 +230,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E - If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the "Configure Refresh Interval" setting (in Windows Server 2008 and Windows Server 2008 R2), or the "Refresh the data shown in Server Manager every [x] [minutes/hours/days]" setting (in Windows Server 2012) that's configured in the Server Manager console. - If you disable this policy setting, Server Manager doesn't refresh automatically. + - If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console. > [!NOTE] diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 53fd4aca87..61db310b5f 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_Smartcard Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,9 +45,9 @@ In versions of Windows prior to Windows Vista, smart card certificates that are - If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card: - - Certificates with no EKU - - Certificates with an All Purpose EKU - - Certificates with a Client Authentication EKU +- Certificates with no EKU +- Certificates with an All Purpose EKU +- Certificates with a Client Authentication EKU. - If you disable or don't configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card. @@ -347,6 +347,7 @@ This policy setting allows you to manage the certificate propagation that occurs This policy setting allows you to manage the clean up behavior of root certificates. - If you enable this policy setting then root certificate cleanup will occur according to the option selected. + - If you disable or don't configure this setting then root certificate clean up will occur on log off. @@ -470,7 +471,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma - If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager. > [!NOTE] -> Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting. +> Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you'll be affected by this policy setting. @@ -597,7 +598,7 @@ During the certificate renewal period, a user can have multiple valid logon cert If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that's used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. > [!NOTE] -> This setting will be applied after the following policy: "Allow time invalid certificates" +> This setting will be applied after the following policy: "Allow time invalid certificates". - If you enable or don't configure this policy setting, filtering will take place. @@ -780,7 +781,7 @@ This policy setting allows you to manage the displayed message when a smart card This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during logon. -By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. +By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com". If the UPN isn't present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enable this policy setting or don't configure this setting, then the subject name will be reversed. diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 3d6e41a3f1..c72a1ae49c 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_StartMenu Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -847,9 +847,9 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o -This setting affects the notification area, also called the "system tray." +This setting affects the notification area, also called the "system tray". -The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron." +The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron". - If you enable this setting, the system notification area expands to show all of the notifications that use this area. @@ -977,9 +977,9 @@ When you hold the cursor over an item on the Start menu or in the notification a This policy setting allows you to prevent users from changing their Start screen layout. -- If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps. +- If you enable this setting, you'll prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps. -- If you disable or don't configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps. +- If you disable or don't configure this setting, you'll allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps. @@ -3947,6 +3947,7 @@ This policy setting shows or hides the "Run as different user" command on the St - If you enable this setting, the Run command is added to the Start menu. + - If you disable or don't configure this setting, the Run command isn't visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect. diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md index 730f255949..89ec7e937f 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletPCInputPanel Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -559,17 +559,17 @@ Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low". At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "High" from the drop-down box, password security is set to "High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, password security is set to "Medium-High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. - If you don't configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. @@ -633,17 +633,17 @@ Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. -- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low." At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Low" from the drop-down box, password security is set to "Low". At this setting, all password security settings are turned off. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium-Low" from the drop-down box, password security is set to "Medium-Low". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "Medium" from the drop-down box, password security is set to "Medium". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel displays the cursor and which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose to "Medium-High" from the drop-down box, password security is set to "Medium-High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you enable this policy and choose "High" from the drop-down box, password security is set to "High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you enable this policy and choose "High" from the drop-down box, password security is set to "High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching isn't allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. -- If you disable this policy, password security is set to "Medium-High." At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. +- If you disable this policy, password security is set to "Medium-High". At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users won't be able to configure this setting in the Input Panel Options dialog box. - If you don't configure this policy, password security is set to "Medium-High" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel doesn't display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index d54533ae26..065e07cce1 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletShell Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -287,7 +287,7 @@ Prevents printing to Journal Note Writer. - If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. -- If you disable this policy, you will be able to use this feature to print to a Journal Note. +- If you disable this policy, you'll be able to use this feature to print to a Journal Note. - If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -348,7 +348,7 @@ Prevents printing to Journal Note Writer. - If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. -- If you disable this policy, you will be able to use this feature to print to a Journal Note. +- If you disable this policy, you'll be able to use this feature to print to a Journal Note. - If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -1009,7 +1009,7 @@ Prevents the user from launching an application from a Tablet PC hardware button Prevents press and hold actions on hardware buttons, so that only one action is available per button. -- If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator." +- If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator". - If you disable this policy, press and hold actions for buttons will be available. @@ -1070,7 +1070,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is Prevents press and hold actions on hardware buttons, so that only one action is available per button. -- If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator." +- If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator". - If you disable this policy, press and hold actions for buttons will be available. diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index e4a26b95e9..b532bdadd9 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_tcpip Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -282,7 +282,7 @@ This policy setting allows you to configure IP-HTTPS, a tunneling technology tha - If you disable or don't configure this policy setting, the local host settings are used. -- If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings: +- If you enable this policy setting, you can specify an IP-HTTPS server URL. You'll be able to configure IP-HTTPS with one of the following settings: Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options. @@ -707,7 +707,7 @@ This policy setting allows you to configure Teredo, an address assignment and au - If you enable this policy setting, you can configure Teredo with one of the following settings: -Default: The default state is "Client." +Default: The default state is "Client". Disabled: No Teredo interfaces are present on the host. diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index b62a8729ca..a372de4237 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -234,6 +234,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P > [!NOTE] > You can define this policy setting in the Computer Configuration node or in the User Configuration node. + - If you configure this policy setting for the computer, all users on the computer are affected. @@ -297,6 +298,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P > [!NOTE] > You can define this policy setting in the Computer Configuration node or in the User Configuration node. + - If you configure this policy setting for the computer, all users on the computer are affected. @@ -471,6 +473,7 @@ This policy setting allows you to specify whether users can run unsigned Remote This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. + Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. @@ -535,6 +538,7 @@ By default, audio and video playback redirection isn't allowed when connecting t This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. + Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. @@ -849,7 +853,7 @@ By default, Remote Desktop Services automatically designates the client default -This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. +This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. @@ -1033,6 +1037,7 @@ By default, Remote Desktop Services doesn't allow redirection of supported Plug - If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. - If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. + - If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions. > [!NOTE] @@ -1163,6 +1168,7 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. + - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. @@ -1230,6 +1236,7 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. + - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. @@ -1358,12 +1365,12 @@ You can use this policy setting to set a limit on the color depth of any connect Note: 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. + 2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. 3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: -a. Value specified by this policy setting -b. Maximum color depth supported by the client -c. Value requested by the client + +a. Value specified by this policy setting b. Maximum color depth supported by the client c. Value requested by the client. If the client doesn't support at least 16 bits, the connection is terminated. @@ -2816,7 +2823,7 @@ A license server attempts to provide the most appropriate RDS or TS CAL for a co By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: * A client connecting to a Windows Server 2003 terminal server -* A client connecting to a Windows 2000 terminal server +* A client connecting to a Windows 2000 terminal server. - If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired. @@ -3065,9 +3072,11 @@ By default, when a new user signs in to a computer, the Start screen is shown an - If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list: 1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. + 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent. + 4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent. @@ -3130,9 +3139,11 @@ By default, when a new user signs in to a computer, the Start screen is shown an - If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list: 1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. + 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent. + 4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent. @@ -3580,7 +3591,7 @@ This policy setting allows you to specify which protocols can be used for Remote - If you enable this policy setting, you must specify if you would like RDP to use UDP. -You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" +You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)". If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. @@ -3944,6 +3955,7 @@ This policy setting allows you to specify the visual quality for remote users wh - If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. - If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + - If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. @@ -4001,6 +4013,7 @@ This policy setting allows you to specify the visual quality for remote users wh This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host server so that the sessions are compatible with non-Windows thin client devices designed for Windows Server 2008 R2 SP1. These clients only support the Windows Server 2008 R2 SP1 RemoteFX Codec. - If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows Server 2008 R2 SP1 RemoteFX Codec. + - If you disable or don't configure this policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec won't be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and doesn't affect clients that are using other RDP versions. @@ -4061,11 +4074,11 @@ This policy setting allows the administrator to configure the RemoteFX experienc - If you enable this policy setting, the RemoteFX experience could be set to one of the following options: 1. Let the system choose the experience for the network condition -2. Optimize for server scalability +2. Optimize for server scalability. -3. Optimize for minimum bandwidth usage +3. Optimize for minimum bandwidth usage. -- If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." +- If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition". @@ -4891,7 +4904,7 @@ To use this setting, in Program path and file name, type the fully qualified pat If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. -If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) +If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting). > [!NOTE] > This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. @@ -4959,7 +4972,7 @@ To use this setting, in Program path and file name, type the fully qualified pat If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. -If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) +If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting). > [!NOTE] > This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. @@ -5663,6 +5676,7 @@ To configure this policy setting, type the path to the network share in the form Note: 1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. + 2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 9c2c38224e..a0905b6d96 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TouchInput Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -39,7 +39,8 @@ ms.topic: reference -Turn off Panning +Turn off Panning. + Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. - If you enable this setting, the user won't be able to pan windows by touch. @@ -104,7 +105,8 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co -Turn off Panning +Turn off Panning. + Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. - If you enable this setting, the user won't be able to pan windows by touch. @@ -169,7 +171,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co -Turn off Tablet PC touch input +Turn off Tablet PC touch input. Turns off touch input, which allows the user to interact with their computer using their finger. @@ -235,7 +237,7 @@ Turns off touch input, which allows the user to interact with their computer usi -Turn off Tablet PC touch input +Turn off Tablet PC touch input. Turns off touch input, which allows the user to interact with their computer using their finger. diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index f0a248a97d..93388ebc6f 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserExperienceVirtualization Area in Poli author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -44,10 +44,13 @@ ms.topic: reference This policy setting configures the synchronization of user settings of Calculator. + By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers. - If you enable this policy setting, the Calculator user settings continue to synchronize. + - If you disable this policy setting, Calculator user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -108,10 +111,15 @@ By default, the user settings of Calculator synchronize between computers. Use t This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users' computers. With Sync Method set to "SyncProvider," the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location. + When SyncMethod is set to "None," the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. + Set SyncMethod to "External" when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users' computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place. + With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. + - If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location. + - If you don't configure this policy setting, any defined values will be deleted. @@ -173,7 +181,9 @@ With notifications enabled, UE-V users receive a message when the settings sync This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to "last-known-good" configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers. - If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. + - If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. + - If you don't configure this policy, no UE-V rollback state is copied to the settings storage location. @@ -232,7 +242,9 @@ This policy setting configures the synchronization of User Experience Virtualiza This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. - If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. + - If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. + - If you don't configure this policy setting, any defined values will be deleted. @@ -290,7 +302,9 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co This policy setting specifies the URL for the Contact IT link in the Company Settings Center. - If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. + - If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. + - If you don't configure this policy setting, any defined values will be deleted. @@ -350,10 +364,13 @@ This policy setting specifies the URL for the Contact IT link in the Company Set This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. + By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. - If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps. + - If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. + - If you don't configure this policy setting, any defined values are deleted. > [!NOTE] @@ -417,10 +434,13 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co This policy setting configures the synchronization of Windows settings between computers. + Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates. - If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization. + - If you disable this policy setting, all Windows Settings are excluded from the settings synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -535,10 +555,13 @@ This policy setting allows you to enable or disable User Experience Virtualizati This policy setting configures the synchronization of user settings for the Finance app. + By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers. - If you enable this policy setting, Finance user settings continue to sync. + - If you disable this policy setting, Finance user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -595,9 +618,13 @@ By default, the user settings of Finance sync between computers. Use the policy This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. + By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers. + With this setting enabled, the notification appears the first time that the UE-V Agent runs. + With this setting disabled, no notification appears. + If you don't configure this policy setting, any defined values are deleted. @@ -658,10 +685,13 @@ If you don't configure this policy setting, any defined values are deleted. This policy setting configures the synchronization of user settings for the Games app. + By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers. - If you enable this policy setting, Games user settings continue to sync. + - If you disable this policy setting, Games user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -722,10 +752,13 @@ By default, the user settings of Games sync between computers. Use the policy se This policy setting configures the synchronization of user settings of Internet Explorer 10. + By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers. - If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. + - If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -786,10 +819,13 @@ By default, the user settings of Internet Explorer 10 synchronize between comput This policy setting configures the synchronization of user settings of Internet Explorer 11. + By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers. - If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize. + - If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -850,10 +886,13 @@ By default, the user settings of Internet Explorer 11 synchronize between comput This policy setting configures the synchronization of user settings for Internet Explorer 8. + By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. - If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize. + - If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -914,10 +953,13 @@ By default, the user settings of Internet Explorer 8 synchronize between compute This policy setting configures the synchronization of user settings for Internet Explorer 9. + By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers. - If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. + - If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -978,10 +1020,13 @@ By default, the user settings of Internet Explorer 9 synchronize between compute This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer. + By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers. - If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize. + - If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting shouldn't be disabled. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1041,10 +1086,13 @@ By default, the user settings which are common between the versions of Internet This policy setting configures the synchronization of user settings for the Maps app. + By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers. - If you enable this policy setting, Maps user settings continue to sync. + - If you disable this policy setting, Maps user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1107,6 +1155,7 @@ By default, the user settings of Maps sync between computers. Use the policy set This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size. - If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. + - If you disable or don't configure this policy setting, no event is written to the event log to report settings package size. @@ -1166,10 +1215,13 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev This policy setting configures the synchronization of user settings for Microsoft Access 2010. + By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1229,9 +1281,11 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. + By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize. + - If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting shouldn't be disabled - If you don't configure this policy setting, any defined values will be deleted. @@ -1292,10 +1346,13 @@ By default, the user settings which are common between the Microsoft Office Suit This policy setting configures the synchronization of user settings for Microsoft Excel 2010. + By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1355,10 +1412,13 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. + By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers. - If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1418,10 +1478,13 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com This policy setting configures the synchronization of user settings for Microsoft Lync 2010. + By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1482,10 +1545,13 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. + By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers. - If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1545,10 +1611,13 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. + By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1608,10 +1677,13 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. + By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers. - If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1671,10 +1743,13 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c This policy setting configures the synchronization of user settings for Microsoft Project 2010. + By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1734,10 +1809,13 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. + By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1797,10 +1875,13 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. + By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers. - If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1860,10 +1941,13 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. + By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers. - If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1923,10 +2007,13 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize This policy setting configures the synchronization of user settings for Microsoft Visio 2010. + By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -1986,10 +2073,13 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput This policy setting configures the synchronization of user settings for Microsoft Word 2010. + By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers. - If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2049,10 +2139,13 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute This policy setting configures the synchronization of user settings for Microsoft Access 2013. + By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2112,10 +2205,13 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu This policy setting configures the backup of certain user settings for Microsoft Access 2013. + Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Access 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2175,10 +2271,13 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. + By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize. + - If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting shouldn't be disabled. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2238,10 +2337,13 @@ By default, the user settings which are common between the Microsoft Office Suit This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications. + Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. - If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. + - If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2301,10 +2403,13 @@ Microsoft Office Suite 2013 has user settings which are common between applicati This policy setting configures the synchronization of user settings for Microsoft Excel 2013. + By default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Excel 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2364,10 +2469,13 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput This policy setting configures the backup of certain user settings for Microsoft Excel 2013. + Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Excel 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2427,10 +2535,13 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. + By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers. - If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2490,10 +2601,13 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. + Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings. - If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2553,10 +2667,13 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron This policy setting configures the synchronization of user settings for Microsoft Lync 2013. + By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2616,10 +2733,13 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute This policy setting configures the backup of certain user settings for Microsoft Lync 2013. + Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Lync 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2679,10 +2799,13 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin This policy setting configures the synchronization of user settings for OneDrive for Business 2013. + By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers. - If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. + - If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2742,10 +2865,13 @@ By default, the user settings of OneDrive for Business 2013 synchronize between This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. + By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers. - If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2805,10 +2931,13 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. + Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings. - If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft OneNote 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2868,10 +2997,13 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. + By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2931,10 +3063,13 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. + Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Outlook 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -2994,10 +3129,13 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. + By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers. - If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3057,10 +3195,13 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. + Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings. - If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3120,10 +3261,13 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr This policy setting configures the synchronization of user settings for Microsoft Project 2013. + By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3183,10 +3327,13 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft Project 2013. + Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Project 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3246,10 +3393,13 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. + By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3309,10 +3459,13 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. + Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Publisher 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3372,10 +3525,13 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. + By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers. - If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3435,10 +3591,13 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. + Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings. - If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3498,10 +3657,13 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. + By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers. - If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize. + - If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3561,10 +3723,13 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize This policy setting configures the synchronization of user settings for Microsoft Visio 2013. + By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3624,10 +3789,13 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput This policy setting configures the backup of certain user settings for Microsoft Visio 2013. + Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Visio 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3687,10 +3855,13 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi This policy setting configures the synchronization of user settings for Microsoft Word 2013. + By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers. - If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3750,10 +3921,13 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute This policy setting configures the backup of certain user settings for Microsoft Word 2013. + Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings. - If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Word 2013 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3813,10 +3987,13 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin This policy setting configures the synchronization of user settings for Microsoft Access 2016. + By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3876,10 +4053,13 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu This policy setting configures the backup of certain user settings for Microsoft Access 2016. + Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Access 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -3939,10 +4119,13 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. + By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers. - If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize. + - If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting shouldn't be disabled. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4002,10 +4185,13 @@ By default, the user settings which are common between the Microsoft Office Suit This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications. + Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. - If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. + - If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4065,10 +4251,13 @@ Microsoft Office Suite 2016 has user settings which are common between applicati This policy setting configures the synchronization of user settings for Microsoft Excel 2016. + By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4128,10 +4317,13 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput This policy setting configures the backup of certain user settings for Microsoft Excel 2016. + Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Excel 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4191,10 +4383,13 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi This policy setting configures the synchronization of user settings for Microsoft Lync 2016. + By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4254,10 +4449,13 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute This policy setting configures the backup of certain user settings for Microsoft Lync 2016. + Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Lync 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4317,10 +4515,13 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin This policy setting configures the synchronization of user settings for OneDrive for Business 2016. + By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers. - If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. + - If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4380,10 +4581,13 @@ By default, the user settings of OneDrive for Business 2016 synchronize between This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. + By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers. - If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4443,10 +4647,13 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. + Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings. - If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft OneNote 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4506,10 +4713,13 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. + By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4569,10 +4779,13 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. + Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Outlook 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4632,10 +4845,13 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. + By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers. - If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4695,10 +4911,13 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. + Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings. - If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4758,10 +4977,13 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr This policy setting configures the synchronization of user settings for Microsoft Project 2016. + By default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4821,10 +5043,13 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp This policy setting configures the backup of certain user settings for Microsoft Project 2016. + Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Project 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4884,10 +5109,13 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. + By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -4947,10 +5175,13 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. + Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Publisher 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5010,10 +5241,13 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. + By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers. - If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize. + - If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5073,10 +5307,13 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize This policy setting configures the synchronization of user settings for Microsoft Visio 2016. + By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5136,10 +5373,13 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput This policy setting configures the backup of certain user settings for Microsoft Visio 2016. + Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Visio 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5199,10 +5439,13 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi This policy setting configures the synchronization of user settings for Microsoft Word 2016. + By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers. - If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize. + - If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5262,10 +5505,13 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute This policy setting configures the backup of certain user settings for Microsoft Word 2016. + Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings. - If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. + - If you disable this policy setting, certain user settings of Microsoft Word 2016 won't be backed up. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5325,10 +5571,13 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5388,10 +5637,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5451,10 +5703,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. - If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V. + - If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5514,10 +5769,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. - If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V. + - If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5577,10 +5835,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5640,10 +5901,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5703,10 +5967,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5766,10 +6033,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5829,10 +6099,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5892,10 +6165,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -5955,10 +6231,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6018,10 +6297,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6081,10 +6363,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6144,10 +6429,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6207,10 +6495,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6270,10 +6561,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6333,10 +6627,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6396,10 +6693,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6459,10 +6759,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6522,10 +6825,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6585,10 +6891,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6648,10 +6957,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6711,10 +7023,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6774,10 +7089,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. + Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user's work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. - If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. + - If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6837,10 +7155,13 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t This policy setting configures the synchronization of user settings for the Music app. + By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers. - If you enable this policy setting, Music user settings continue to sync. + - If you disable this policy setting, Music user settings are excluded from the synchronizing settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6901,10 +7222,13 @@ By default, the user settings of Music sync between computers. Use the policy se This policy setting configures the synchronization of user settings for the News app. + By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers. - If you enable this policy setting, News user settings continue to sync. + - If you disable this policy setting, News user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -6965,10 +7289,13 @@ By default, the user settings of News sync between computers. Use the policy set This policy setting configures the synchronization of user settings of Notepad. + By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers. - If you enable this policy setting, the Notepad user settings continue to synchronize. + - If you disable this policy setting, Notepad user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7029,10 +7356,13 @@ By default, the user settings of Notepad synchronize between computers. Use the This policy setting configures the synchronization of user settings for the Reader app. + By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers. - If you enable this policy setting, Reader user settings continue to sync. + - If you disable this policy setting, Reader user settings are excluded from the synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7093,9 +7423,11 @@ By default, the user settings of Reader sync between computers. Use the policy s This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. + You can use this setting to override the default value of 2000 milliseconds. - If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. + - If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used. @@ -7157,6 +7489,7 @@ You can use this setting to override the default value of 2000 milliseconds. This policy setting configures where the settings package files that contain user settings are stored. - If you enable this policy setting, the user settings are stored in the specified location. + - If you disable or don't configure this policy setting, the user settings are stored in the user's home directory if configured for your environment. @@ -7214,10 +7547,15 @@ This policy setting configures where the settings package files that contain use This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent. - If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. + If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they will be ignored. + If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. + - If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. + - If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7277,10 +7615,13 @@ If you specify a UNC path and check the option to replace the default Microsoft This policy setting configures the synchronization of user settings for the Sports app. + By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers. - If you enable this policy setting, Sports user settings continue to sync. + - If you disable this policy setting, Sports user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7400,9 +7741,13 @@ This policy setting allows you to enable or disable User Experience Virtualizati This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. + By default, the UE-V Agent doesn't synchronize settings over a metered connection. + With this setting enabled, the UE-V Agent synchronizes settings over a metered connection. + With this setting disabled, the UE-V Agent doesn't synchronize settings over a metered connection. + If you don't configure this policy setting, any defined values are deleted. @@ -7463,9 +7808,13 @@ If you don't configure this policy setting, any defined values are deleted. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. + By default, the UE-V Agent doesn't synchronize settings over a metered connection that's roaming. + With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that's roaming. + With this setting disabled, the UE-V Agent won't synchronize settings over a metered connection that's roaming. + If you don't configure this policy setting, any defined values are deleted. @@ -7528,7 +7877,9 @@ If you don't configure this policy setting, any defined values are deleted. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn't attempt the synchronization. - If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages. + - If you disable this policy setting, the sync provider doesn't ping the settings storage location before synchronizing settings packages. + - If you don't configure this policy, any defined values will be deleted. @@ -7585,9 +7936,13 @@ This policy setting allows you to configure the User Experience Virtualization ( This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that aren't explicitly listed in Windows App List. + By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List. + With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized. + With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized. + If you don't configure this policy setting, any defined values are deleted. @@ -7648,10 +8003,13 @@ If you don't configure this policy setting, any defined values are deleted. This policy setting configures the synchronization of user settings for the Travel app. + By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers. - If you enable this policy setting, Travel user settings continue to sync. + - If you disable this policy setting, Travel user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7708,7 +8066,9 @@ By default, the user settings of Travel sync between computers. Use the policy s This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. + With this setting disabled, the tray icon doesn't appear in the system tray, UE-V never displays notifications, and the user can't access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. + If you don't configure this policy setting, any defined values are deleted. @@ -7769,10 +8129,13 @@ If you don't configure this policy setting, any defined values are deleted. This policy setting configures the synchronization of user settings for the Video app. + By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers. - If you enable this policy setting, Video user settings continue to sync. + - If you disable this policy setting, Video user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7833,10 +8196,13 @@ By default, the user settings of Video sync between computers. Use the policy se This policy setting configures the synchronization of user settings for the Weather app. + By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers. - If you enable this policy setting, Weather user settings continue to sync. + - If you disable this policy setting, Weather user settings are excluded from synchronization. + - If you don't configure this policy setting, any defined values will be deleted. @@ -7897,10 +8263,13 @@ By default, the user settings of Weather sync between computers. Use the policy This policy setting configures the synchronization of user settings of WordPad. + By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers. - If you enable this policy setting, the WordPad user settings continue to synchronize. + - If you disable this policy setting, WordPad user settings are excluded from the synchronization settings. + - If you don't configure this policy setting, any defined values will be deleted. diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index d0294c3471..f3cd36cf4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserProfiles Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -233,9 +233,13 @@ This policy setting sets the maximum size of each user profile and determines th - If you enable this policy setting, you can: - Set a maximum permitted user profile size. + - Determine whether the registry files are included in the calculation of the profile size. + - Determine whether users are notified when the profile exceeds the permitted maximum size. + - Specify a customized message notifying users of the oversized profile. + - Determine how often the customized message is displayed. > [!NOTE] @@ -365,7 +369,10 @@ This policy setting and related policy settings in this folder together define t - If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow. -- If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. +- If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond. Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections. + +> [!IMPORTANT] +> If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection. diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 8ba901e770..7688d55e7b 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_W32Time Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,80 +45,104 @@ This policy setting allows you to specify Clock discipline and General values fo For more details on individual parameters, combinations of parameter values as well as definitions of flags, see< https://go.microsoft.com/fwlink/?linkid=847809>. -FrequencyCorrectRate +FrequencyCorrectRate. + This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause larger corrections; larger values cause smaller corrections. Default: 4 (scalar). -HoldPeriod +HoldPeriod. + This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5 -LargePhaseOffset +LargePhaseOffset. + If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds. -MaxAllowedPhaseOffset +MaxAllowedPhaseOffset. + If a response is received that has a time variation that's larger than this parameter value, W32time sets the client computer's local clock immediately to the time that's accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds. -MaxNegPhaseCorrection +MaxNegPhaseCorrection. + If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that's greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. -MaxPosPhaseCorrection +MaxPosPhaseCorrection. + If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. -PhaseCorrectRate +PhaseCorrectRate. + This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more quickly; larger values cause the clock to correct more slowly. Default: 7 (scalar). -PollAdjustFactor +PollAdjustFactor. + This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar). -SpikeWatchPeriod +SpikeWatchPeriod. + This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds. -UpdateInterval +UpdateInterval. + This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second. General parameters: -AnnounceFlags -This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal +AnnounceFlags. + +This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal. + +EventLogFlags. -EventLogFlags This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask. -LocalClockDispersion -This parameter indicates the maximum error in seconds that's reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds. +LocalClockDispersion. -MaxPollInterval -This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.) +This parameter indicates the maximum error in seconds that's reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock). Default: 10 seconds. + +MaxPollInterval. + +This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15). + +MinPollInterval. -MinPollInterval This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds. -ClockHoldoverPeriod +ClockHoldoverPeriod. + This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds. -RequireSecureTimeSyncRequests +RequireSecureTimeSyncRequests. + This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC won't respond to requests using such protocols. Default: 0 Boolean. -UtilizeSslTimeData -This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean +UtilizeSslTimeData. + +This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean. + +ClockAdjustmentAuditLimit. -ClockAdjustmentAuditLimit This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM). RODC parameters: -ChainEntryTimeout +ChainEntryTimeout. + This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds. -ChainMaxEntries +ChainMaxEntries. + This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries. -ChainMaxHostEntries +ChainMaxHostEntries. + This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries. -ChainDisable +ChainDisable. + This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that don't have their passwords cached on the RODC won't be able to synchronize with the RODC. Default: 0 Boolean. -ChainLoggingRate +ChainLoggingRate. + This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes. @@ -179,25 +203,32 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. -NtpServer +NtpServer. + The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". -Type +Type. + This value controls the authentication that W32time uses. The default value is NT5DS. -CrossSiteSyncFlags +CrossSiteSyncFlags. + This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal). -ResolvePeerBackoffMinutes +ResolvePeerBackoffMinutes. + This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. -ResolvePeerBackoffMaxTimes +ResolvePeerBackoffMaxTimes. + This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. -SpecialPollInterval +SpecialPollInterval. + This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that's set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. -EventLogFlags +EventLogFlags. + This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 16acc01304..864c2f00fc 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WCM Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -106,9 +106,11 @@ This policy setting determines whether Windows will soft-disconnect a computer f When soft disconnect is enabled: - - When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. - - Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. - - When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they're not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network. +- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. + +- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. + +- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they're not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network. This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index a9b955dddf..894b258e47 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsConnectNow Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -43,7 +43,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. - If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device". The default for this policy setting allows users to access all WCN wizards. @@ -102,7 +102,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards. - If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +- If you disable or don't configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device". The default for this policy setting allows users to access all WCN wizards. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index effde9040f..4a8727e522 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -104,6 +104,7 @@ This policy setting allows you to prevent data loss when you change the target l This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior. - If you enable this setting, users can't configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users can't restore the new features. + Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options. - If you disable or not configure this policy, the default File Explorer behavior is applied to the user. @@ -351,15 +352,19 @@ This disables access to user-defined properties, and properties stored in NTFS s This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. - If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations. + Setting this policy will: + * Disable all Arrangement views except for "By Folder" * Disable all Search filter suggestions other than "Date Modified" and "Size" * Disable view of file content snippets in Content mode when search results are returned * Disable ability to stack in the Context menu and Column headers -* Exclude Libraries from the scope of Start search +* Exclude Libraries from the scope of Start search. + This policy won't enable users to add unsupported locations to Libraries. - If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled. + - If you disable or don't configure this policy, all default Windows Libraries features will be enabled. @@ -604,7 +609,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t - If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - Warn and prevent bypass -- Warn +- Warn. - If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. @@ -737,6 +742,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. - If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. + - If you disable or don't configure this policy setting, users can choose how the ribbon appears when they open new windows. @@ -2238,7 +2244,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo - If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting. -- If you disable or don't configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents." +- If you disable or don't configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents". @@ -3660,6 +3666,7 @@ This policy setting doesn't affect the Search items on the File Explorer context This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. - If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3). + - If you disable or don't configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111). @@ -3969,9 +3976,9 @@ The valid items you may display in the Places Bar are: 2) Shortcuts to remote folders -- (\\server\share) -3) FTP folders +3) FTP folders. -4) web folders +4) web folders. 5) Common Shell folders. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 6ec3963e29..87267407d6 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsMediaPlayer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -44,7 +44,9 @@ This policy setting allows you to specify the HTTP proxy settings for Windows Me - If you enable this policy setting, select one of the following proxy types: - Autodetect: the proxy settings are automatically detected. + - Custom: unique proxy settings are used. + - Use browser proxy settings: browser's proxy settings are used. If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected. @@ -115,6 +117,7 @@ This policy setting allows you to specify the MMS proxy settings for Windows Med - If you enable this policy setting, select one of the following proxy types: - Autodetect: the proxy settings are automatically detected. + - Custom: unique proxy settings are used. If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. @@ -185,6 +188,7 @@ This policy setting allows you to specify the RTSP proxy settings for Windows Me - If you enable this policy setting, select one of the following proxy types: - Autodetect: the proxy settings are automatically detected. + - Custom: unique proxy settings are used. If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. @@ -739,6 +743,7 @@ This policy setting allows you to specify whether network buffering uses the def - If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it's played. - Custom: the number of seconds, up to 60, that streaming media is buffered. + - Default: default network buffering is used and the number of seconds that's specified is ignored. The "Use default buffering" and "Buffer" options on the Performance tab in the Player aren't available. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 6d8729d3a0..c53065c78d 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinLogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -360,8 +360,11 @@ This policy setting controls whether or not software can simulate the Secure Att - If you enable this policy setting, you have one of four options: If you set this policy setting to "None," user mode software can't simulate the SAS. + If you set this policy setting to "Services," services can simulate the SAS. + If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS. + If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS. - If you disable or don't configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS. diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 4b7838b695..c0b857187f 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -156,6 +156,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer. - If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. + - If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. @@ -168,7 +169,9 @@ The "Work Folders Local Path" specifies the local folder used on the client mach The "On-demand file access preference" option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don't take up any space on the PC, but the user must be connected to the Internet to access them. - If you enable this policy setting, on-demand file access is enabled. + - If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user's files is required on each of their PCs. + If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 90a0ae5825..3b93d81859 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -40,7 +40,8 @@ ms.topic: reference This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool. For example: -Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt + +Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt. For more information, refer to the DISM documentation on TechNet. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index a360d0d4bc..9286bcdf16 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationManagement Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -310,6 +310,7 @@ Allows or denies development of Microsoft Store applications and installing them Windows Game Recording and Broadcasting. This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording won't be allowed. + If the setting is enabled or not configured, then Recording and Broadcasting (streaming) will be allowed. diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 07697f66e8..2cad1d5a95 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -99,7 +99,9 @@ Volume: High on domain controllers. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. + - If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests. + - If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. @@ -162,7 +164,9 @@ Volume: High on Kerberos Key Distribution Center servers. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. + - If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests. + - If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account. @@ -407,7 +411,9 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. + - If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation. @@ -470,7 +476,9 @@ Volume: High. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. + - If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation. @@ -532,9 +540,7 @@ Volume: High. -This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. -- If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. -- If you don't configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. +This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you don't configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. @@ -596,7 +602,9 @@ Volume: High. This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged-on to. + - If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions. + - If you don't configure this policy setting, no audit event is generated when a logon session is closed. @@ -720,7 +728,9 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. + - If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts. + - If you don't configure this policy settings, IAS and NAP user access requests aren't audited. @@ -966,7 +976,9 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser This policy setting allows you to audit events generated by changes to application groups such as the following: Application group is created, changed, or deleted. Member is added or removed from an application group. + - If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an application group changes. @@ -1029,7 +1041,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. + - If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a computer account changes. @@ -1092,7 +1106,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes to distribution groups such as the following: Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. + - If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a distribution group changes. > [!NOTE] @@ -1219,7 +1235,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes to security groups such as the following: Security group is created, changed, or deleted. Member is added or removed from a security group. Group type is changed. + - If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a security group changes. @@ -1282,7 +1300,9 @@ Volume: Low. This policy setting allows you to audit changes to user accounts. Events include the following: A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. A user account's password is set or changed. A security identifier (SID) is added to the SID History of a user account. The Directory Services Restore Mode password is configured. Permissions on administrative user accounts are changed. Credential Manager credentials are backed up or restored. + - If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a user account changes. @@ -1345,7 +1365,9 @@ Volume: Low. This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). + - If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests. + - If you don't configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. @@ -1408,7 +1430,9 @@ Volume: Low. This policy setting allows you to audit when plug and play detects an external device. + - If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category. + - If you don't configure this policy setting, no audit event is generated when an external device is detected by plug and play. @@ -1471,7 +1495,9 @@ Volume: Low. This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. + - If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a process is created. @@ -1534,7 +1560,9 @@ Volume: Depends on how the computer is used. This policy setting allows you to audit events generated when a process ends. + - If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a process ends. @@ -1597,7 +1625,9 @@ Volume: Depends on how the computer is used. This policy setting allows you to audit inbound remote procedure call (RPC) connections. + - If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a remote RPC connection is attempted. @@ -1846,7 +1876,9 @@ This policy setting allows you to audit events generated by changes to objects i > [!NOTE] > Actions on some objects and properties don't cause audit events to be generated due to settings on the object class in the schema. + - If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded. + - If you don't configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made. @@ -1909,7 +1941,9 @@ Volume: High on domain controllers only. This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. + - If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication. + - If you don't configure this policy setting, no audit event is generated during AD DS replication. @@ -2155,6 +2189,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. + - If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures. > [!NOTE] @@ -2222,7 +2257,9 @@ Volume: High on a file server or domain controller because of SYSVOL network acc This policy setting allows you to audit attempts to access a shared folder. + - If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. + - If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures. > [!NOTE] @@ -2290,7 +2327,9 @@ Volume: High on a file server or domain controller because of SYSVOL network acc This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see< https://go.microsoft.com/fwlink/?LinkId=122083>. + - If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL. > [!NOTE] @@ -2356,7 +2395,9 @@ Volume: Depends on how the file system SACLs are configured. This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: The Windows Firewall Service blocks an application from accepting incoming connections on the network. The WFP allows a connection. The WFP blocks a connection. The WFP permits a bind to a local port. The WFP blocks a bind to a local port. The WFP allows a connection. The WFP blocks a connection. The WFP permits an application or service to listen on a port for incoming connections. The WFP blocks an application or service to listen on a port for incoming connections. + - If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked. + - If you don't configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP. @@ -2480,7 +2521,9 @@ Volume: High. This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. + - If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a handle is manipulated. > [!NOTE] @@ -2671,7 +2714,9 @@ Volume: Low. This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. + - If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. > [!NOTE] @@ -2737,7 +2782,9 @@ Volume: Depends on how registry SACLs are configured. This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. + - If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage. @@ -2799,7 +2846,9 @@ This policy setting allows you to audit user attempts to access file system obje This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following: SAM_ALIAS -- A local group. SAM_GROUP -- A group that isn't a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. + - If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. > [!NOTE] @@ -2865,7 +2914,9 @@ Volume: High on domain controllers. For more information about reducing the numb This policy setting allows you to audit events generated by changes to the authentication policy such as the following: Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group: Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. + - If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when the authentication policy is changed. > [!NOTE] @@ -2931,7 +2982,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Removal of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Changes in the Encrypted File System (EFS) policy. Changes to the Resource attributes of an object. Changes to the Central Access Policy (CAP) applied to an object. + - If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when the authorization policy changes. @@ -2994,7 +3047,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: IPsec services status. Changes to IPsec policy settings. Changes to Windows Firewall policy settings. Changes to WFP providers and engine. + - If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when a change occurs to the WFP. @@ -3057,7 +3112,9 @@ Volume: Low. This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows Firewall rules. Changes to Windows Firewall exception list. Changes to Windows Firewall settings. Rules ignored or not applied by Windows Firewall Service. Changes to Windows Firewall Group Policy settings. + - If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC. @@ -3246,7 +3303,9 @@ Volume: Low. This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. Adjust memory quotas for a process. Allow log on locally. Allow log on through Terminal Services. Bypass traverse checking. Change the system time. Create a pagefile. Create global objects. Create permanent shared objects. Create symbolic links. Deny access this computer from the network. Deny log on as a batch job. Deny log on as a service. Deny log on locally. Deny log on through Terminal Services. Force shutdown from a remote system. Increase a process working set. Increase scheduling priority. Lock pages in memory. Log on as a batch job. Log on as a service. Modify an object label. Perform volume maintenance tasks. Profile single process. Profile system performance. Remove computer from docking station. Shut down the system. Synchronize directory service data. + - If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls. + - If you don't configure this policy setting, no audit event is generated when a non-sensitive privilege is called. @@ -3369,7 +3428,9 @@ Not used. This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: A privileged service is called. One of the following privileges are called: Act as part of the operating system. Back up files and directories. Create a token object. Debug programs. Enable computer and user accounts to be trusted for delegation. Generate security audits. Impersonate a client after authentication. Load and unload device drivers. Manage auditing and security log. Modify firmware environment values. Replace a process-level token. Restore files and directories. Take ownership of files or other objects. + - If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests. + - If you don't configure this policy setting, no audit event is generated when sensitive privilege requests are made. @@ -3432,7 +3493,9 @@ Volume: High. This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped due to being in plaintext. Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card isn't working correctly or the driver needs to be updated. Inability to process IPsec filters. + - If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated on an IPSec filter driver operation. @@ -3617,7 +3680,9 @@ Volume: Low. This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It's used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. + - If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts. + - If you don't configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 14d67c424b..b5b2859f9f 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -4,7 +4,7 @@ description: Learn more about the Autoplay Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -116,8 +116,7 @@ This creates a major security concern as code may be executed without user's kno - If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: -a) Completely disable autorun commands, or -b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command. +a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command. - If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 49e554a641..f9002b94a5 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -4,7 +4,7 @@ description: Learn more about the BITS Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -37,7 +37,7 @@ ms.topic: reference -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. @@ -103,7 +103,7 @@ Consider using this setting to prevent BITS transfers from competing for network -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. @@ -169,7 +169,7 @@ Consider using this setting to prevent BITS transfers from competing for network -This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers.) +This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. @@ -241,20 +241,27 @@ If you enable this policy setting, you can define a default download policy for For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: - - Always transfer - - Transfer unless roaming - - Transfer unless surcharge applies (when not roaming or overcap) - - Transfer unless nearing limit (when not roaming or nearing cap) - - Transfer only if unconstrained - - Custom--allows you to specify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) +- Always transfer +- Transfer unless roaming +- Transfer unless surcharge applies (when not roaming or overcap) +- Transfer unless nearing limit (when not roaming or nearing cap) +- Transfer only if unconstrained +- Custom--allows you to specify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) 0x1 - The cost is unknown or the connection is unlimited and is considered to be unrestricted of usage charges and capacity constraints. + 0x2 - The usage of this connection is unrestricted up to a certain data limit 0x4 - The usage of this connection is unrestricted up to a certain data limit and plan usage is less than 80 percent of the limit. + 0x8 - Usage of this connection is unrestricted up to a certain data limit and plan usage is between 80 percent and 100 percent of the limit. + 0x10 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. Surcharge applied or unknown. + 0x20 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. No surcharge applies, but speeds are likely reduced. + 0x40 - The connection is costed on a per-byte basis. + 0x80 - The connection is roaming. + 0x80000000 - Ignore congestion. @@ -327,20 +334,27 @@ If you enable this policy setting, you can define a default download policy for For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: - - Always transfer - - Transfer unless roaming - - Transfer unless surcharge applies (when not roaming or overcap) - - Transfer unless nearing limit (when not roaming or nearing cap) - - Transfer only if unconstrained - - Custom--allows you to specify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) +- Always transfer +- Transfer unless roaming +- Transfer unless surcharge applies (when not roaming or overcap) +- Transfer unless nearing limit (when not roaming or nearing cap) +- Transfer only if unconstrained +- Custom--allows you to specify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) 0x1 - The cost is unknown or the connection is unlimited and is considered to be unrestricted of usage charges and capacity constraints. + 0x2 - The usage of this connection is unrestricted up to a certain data limit 0x4 - The usage of this connection is unrestricted up to a certain data limit and plan usage is less than 80 percent of the limit. + 0x8 - Usage of this connection is unrestricted up to a certain data limit and plan usage is between 80 percent and 100 percent of the limit. + 0x10 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. Surcharge applied or unknown. + 0x20 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. No surcharge applies, but speeds are likely reduced. + 0x40 - The connection is costed on a per-byte basis. + 0x80 - The connection is roaming. + 0x80000000 - Ignore congestion. @@ -413,6 +427,7 @@ This policy setting specifies the number of days a pending BITS job can remain i > Any property changes to the job or any successful download action will reset this timeout. Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. + Consider decreasing this value if you are concerned about orphaned jobs occupying disk space. - If you enable this policy setting, you can configure the inactive job timeout to specified number of days. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index ff06ee4287..8baca30d66 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -4,7 +4,7 @@ description: Learn more about the Browser Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -309,8 +309,11 @@ This policy setting lets you decide whether Microsoft Edge can automatically upd This setting lets you configure how to work with cookies. - If you enable this setting, you must also decide whether to: + Allow all cookies (default): Allows all cookies from all websites. + Block all cookies: Blocks all cookies from all websites. + Block only 3rd-party cookies: Blocks only cookies from 3rd-party websites. - If you disable or don't configure this setting, all cookies are allowed from all sites. @@ -1332,9 +1335,11 @@ If disabled, the browsing history stops saving and isn't visible in the History This policy setting lets you decide whether users can change their search engine. + - If you disable this setting, users can't add new search engines or change the default used in the address bar. -Important +Important. + This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable or don't configure this policy, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. @@ -1485,14 +1490,15 @@ If enabled or not configured, sideloading of unverified extensions in Microsoft If disabled, sideloading of unverified extensions in Microsoft Edge isn't allowed. Extensions can be installed only through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled, this policy doesn't prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, in Group Policy Editor, enable Allows development of Windows Store apps and installing them from an integrated development environment (IDE), which is located at: -Computer Configuration > Administrative Templates > Windows Components > App Package Deployment +Computer Configuration > Administrative Templates > Windows Components > App Package Deployment. Supported versions: Microsoft Edge on Windows 10, version 1809 -Default setting: Disabled or not configured +Default setting: Disabled or not configured. + Related policies: - - Allows development of Windows Store apps and installing them from an integrated development environment (IDE) - - Allow all trusted apps to install +- Allows development of Windows Store apps and installing them from an integrated development environment (IDE) +- Allow all trusted apps to install @@ -1931,7 +1937,8 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. -Important +Important. + This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/library/dd163546.aspx) topic. Use this format to specify the link(s) you wish to add: `` `` @@ -2076,16 +2083,20 @@ When enabled, the home button is locked down preventing your users from making c If Enabled AND: - - Show home button & set to Start page is selected, clicking the home button loads the Start page. - - Show home button & set to New tab page is selected, clicking the home button loads a New tab page. - - Show home button & set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy. - - Hide home button is selected, the home button is hidden in Microsoft Edge. +- Show home button & set to Start page is selected, clicking the home button loads the Start page. + +- Show home button & set to New tab page is selected, clicking the home button loads a New tab page. + +- Show home button & set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy. + +- Hide home button is selected, the home button is hidden in Microsoft Edge. + +Default setting: Disabled or not configured. -Default setting: Disabled or not configured Related policies: - - Set Home Button URL - - Unlock Home Button. +- Set Home Button URL +- Unlock Home Button. @@ -2162,12 +2173,15 @@ You need to configure Microsoft Edge in assigned access for this policy to take If enabled and set to 0 (Default or not configured): - - If it's a single app, it runs InPrivate full screen for digital signage or interactive displays. - - If it's one of many apps, Microsoft Edge runs as normal. +- If it's a single app, it runs InPrivate full screen for digital signage or interactive displays. + +- If it's one of many apps, Microsoft Edge runs as normal. + If enabled and set to 1: - - If it's a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can't minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking "End session." You can configure Microsoft Edge to restart after a period of inactivity by using the "Configure kiosk reset after idle timeout" policy. - - If it's one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can't customize Microsoft Edge. +- If it's a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can't minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking "End session". You can configure Microsoft Edge to restart after a period of inactivity by using the "Configure kiosk reset after idle timeout" policy. + +- If it's one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can't customize Microsoft Edge. @@ -2304,10 +2318,13 @@ You can configure Microsoft Edge to lock down the Start page, preventing users f If enabled, you can choose one of the following options: - - Start page: the Start page loads ignoring the Configure Start Pages policy. - - New tab page: the New tab page loads ignoring the Configure Start Pages policy. - - Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy. - - A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored. +- Start page: the Start page loads ignoring the Configure Start Pages policy. + +- New tab page: the New tab page loads ignoring the Configure Start Pages policy. + +- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy. + +- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored. When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Microsoft Edge With policy, and then enable the Disable Lockdown of Start Pages policy. @@ -2467,11 +2484,12 @@ You can configure Microsoft Edge to disable the lockdown of Start pages allowing If disabled or not configured, the Start pages configured in the Configure Start Pages policy can't be changed and remain locked down. -Supported devices: Domain-joined or MDM-enrolled +Supported devices: Domain-joined or MDM-enrolled. + Related policy: - - Configure Start Pages - - Configure Open Microsoft Edge With. +- Configure Start Pages +- Configure Open Microsoft Edge With. @@ -2770,16 +2788,19 @@ If enabled, you must include URLs to the pages, separating multiple pages using If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: + If you don't want to send traffic to Microsoft, enable this policy and use the `` value, which honors domain- and non-domain-joined devices, when it's the only configured URL. Version 1809: + If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. -Supported devices: Domain-joined or MDM-enrolled +Supported devices: Domain-joined or MDM-enrolled. + Related policy: - - Configure Open Microsoft Edge With - - Disable Lockdown of Start Pages. +- Configure Open Microsoft Edge With +- Disable Lockdown of Start Pages. @@ -2840,7 +2861,8 @@ This policy setting lets you decide whether employees can add, import, sort, or - If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. -Important +Important. + Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. - If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. @@ -3481,7 +3503,8 @@ This policy setting allows you to configure a default set of favorites, which wi - If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. -Important +Important. + Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. - If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. @@ -3507,7 +3530,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E |:--|:--| | Name | ConfiguredFavorites | | Friendly Name | Provision Favorites | -| Element Name | Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Microsoft Edge and use that html file for provisioning user machines.

URL can be specified as

1. HTTP location: https://localhost:8080/URLs.html
2. Local network: \\network\shares\URLs.html

3. Local file: file:///c:\\Users\\``\\Documents\\URLs.html or C:\\Users\\``\\Documents\\URLs.html. | +| Element Name | Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Microsoft Edge and use that html file for provisioning user machines.

URL can be specified as.

1. HTTP location: https://localhost:8080/URLs.html
2. Local network: \\network\shares\URLs.html.

3. Local file: file:///c:\\Users\\``\\Documents\\URLs.html or C:\\Users\\``\\Documents\\URLs.html. | | Location | Computer and User Configuration | | Path | Windows Components > Microsoft Edge | | Registry Key Name | Software\Policies\Microsoft\MicrosoftEdge\Favorites | @@ -3621,14 +3644,16 @@ This policy setting lets you decide whether your intranet sites should all open This policy setting lets you configure the default search engine for your employees. Your employees can change the default search engine at any time. -Important +Important. + This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - If you enable this setting, you can choose a default search engine for your employees. - If this setting is enabled, you must also add the default engine to the "Set default search engine" setting, by adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/library/dd163546.aspx) topic. Use this format to specify the link you wish to add: `` -Note +Note. + If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. Employees can change the default search engine at any time, unless you disable the "Allow search engine customization" setting, which restricts any changes. @@ -3696,7 +3721,8 @@ The home button can be configured to load a custom URL when your user clicks the If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button & set a specific page is selected, a custom URL loads when your user clicks the home button. -Default setting: Blank or not configured +Default setting: Blank or not configured. + Related policy: Configure Home Button. @@ -3760,7 +3786,8 @@ If enabled, you can set the default New Tab page URL. If disabled or not configured, the default Microsoft Edge new tab page is used. -Default setting: Disabled or not configured +Default setting: Disabled or not configured. + Related policy: Allow web content on New Tab page. @@ -3824,7 +3851,8 @@ If enabled, the notification appears on a new page. If you want users to continu If disabled or not configured, the default app behavior occurs and no additional page displays. -Default setting: Disabled or not configured +Default setting: Disabled or not configured. + Related policies: -Configure the Enterprise Mode Site List @@ -3981,7 +4009,8 @@ If enabled, the UI settings for the home button are enabled allowing your users If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes. -Default setting: Disabled or not configured +Default setting: Disabled or not configured. + Related policy: -Configure Home Button diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 33692bd982..02503b881b 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -4,7 +4,7 @@ description: Learn more about the Cellular Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -324,6 +324,7 @@ If an app is open when this Group Policy object is applied on a device, employee This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX. - If this policy setting is enabled, a drop-down list box presenting possible values will be active. Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page. + - If this policy setting is disabled or isn't configured, the link to the per-application cellular access control page is showed by default. diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 2f2df60c50..878f0f2aef 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -4,7 +4,7 @@ description: Learn more about the CredentialsDelegation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -39,7 +39,7 @@ ms.topic: reference -Remote host allows delegation of non-exportable credentials +Remote host allows delegation of non-exportable credentials. When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 58c4d7d6cf..43cdc9a4ee 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -180,15 +180,15 @@ This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the onl You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you. Possible options are: + (0x0) Disabled (default) -(0x1) Basic membership -(0x2) Advanced membership +(0x1) Basic membership (0x2) Advanced membership. Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful. Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer. -- If you enable this setting, you will join Microsoft MAPS with the membership specified. +- If you enable this setting, you'll join Microsoft MAPS with the membership specified. - If you disable or don't configure this setting, you won't join Microsoft MAPS. @@ -830,6 +830,7 @@ Allows or disallows Windows Defender Script Scanning functionality. This policy setting allows you to configure whether or not to display AM UI to the users. + If you enable this setting AM UI won't be available to users. @@ -896,16 +897,20 @@ If you enable this setting AM UI won't be available to users. Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: + Specify the folders or files and resources that should be excluded from ASR rules in the Options section. + Enter each rule on a new line as a name-value pair: - - Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder - - Value column: Enter "0" for each item +- Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder +- Value column: Enter "0" for each item. Disabled: + No exclusions will be applied to the ASR rules. Not configured: + Same as Disabled. You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting. @@ -966,30 +971,33 @@ Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: - - Block: the rule will be applied - - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) - - Off: the rule won't be applied - - Not Configured: the rule is enabled with default values - - Warn: the rule will be applied and the end-user will have the option to bypass the block +- Block: the rule will be applied +- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied) +- Off: the rule won't be applied +- Not Configured: the rule is enabled with default values +- Warn: the rule will be applied and the end-user will have the option to bypass the block. Unless the ASR rule is disabled, a subsample of audit events are collected for ASR rules with the value of not configured. Enabled: + Specify the state for each ASR rule under the Options section for this setting. + Enter each rule on a new line as a name-value pair: - - Name column: Enter a valid ASR rule ID - - Value column: Enter the status ID that relates to state you want to specify for the associated rule +- Name column: Enter a valid ASR rule ID +- Value column: Enter the status ID that relates to state you want to specify for the associated rule. The following status IDs are permitted under the value column: - - 1 (Block) - - 0 (Off) - - 2 (Audit) - - 5 (Not Configured) - - 6 (Warn) +- 1 (Block) +- 0 (Off) +- 2 (Audit) +- 5 (Not Configured) +- 6 (Warn) Example: + xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx @@ -998,9 +1006,11 @@ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2 Disabled: + No ASR rules will be configured. Not configured: + Same as Disabled. You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting. @@ -1193,9 +1203,8 @@ For more information about specific values that are supported, see the Microsoft > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. Possible options are: -(0x0) Default Microsoft Defender Antivirus blocking level -(0x1) Moderate Microsoft Defender Antivirus blocking level, delivers verdict only for high confidence detections -(0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives) + +(0x0) Default Microsoft Defender Antivirus blocking level (0x1) Moderate Microsoft Defender Antivirus blocking level, delivers verdict only for high confidence detections (0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives) (0x4) High+ blocking level - aggressively block unknowns and apply additional protection measures (may impact client performance) (0x6) Zero tolerance blocking level - block all unknown executables. @@ -1331,12 +1340,15 @@ These applications are allowed to modify or delete files in controlled folder ac Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications. Enabled: + Specify additional allowed applications in the Options section.. Disabled: + No additional applications will be added to the trusted list. Not configured: + Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. @@ -1400,15 +1412,19 @@ Specify additional folders that should be guarded by the Controlled folder acces Files in these folders can't be modified or deleted by untrusted applications. Default system folders are automatically protected. You can configure this setting to add additional folders. + The list of default system folders that are protected is shown in Windows Security. Enabled: + Specify additional folders that should be protected in the Options section. Disabled: + No additional folders will be protected. Not configured: + Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. @@ -1660,55 +1676,69 @@ This policy setting allows you to configure catch-up scans for scheduled quick s Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to: - - Modify or delete files in protected folders, such as the Documents folder - - Write to disk sectors +- Modify or delete files in protected folders, such as the Documents folder +- Write to disk sectors. You can also choose to only block or audit writes to disk sectors while still allowing the modification or deletion of files in protected folders. Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. + Default system folders are automatically protected, but you can add folders in the Configure protected folders GP setting. Block: + The following will be blocked: - - Attempts by untrusted apps to modify or delete files in protected folders - - Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors. + The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. Disabled: + The following won't be blocked and will be allowed to run: - - Attempts by untrusted apps to modify or delete files in protected folders - - Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors. + These attempts won't be recorded in the Windows event log. Audit Mode: + The following won't be blocked and will be allowed to run: - - Attempts by untrusted apps to modify or delete files in protected folders - - Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors. + The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124. Block disk modification only: + The following will be blocked: - - Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to write to disk sectors. + The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. The following won't be blocked and will be allowed to run: - - Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to modify or delete files in protected folders. + These attempts won't be recorded in the Windows event log. Audit disk modification only: + The following won't be blocked and will be allowed to run: - - Attempts by untrusted apps to write to disk sectors - - Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders. + Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). + Attempts to modify or delete files in protected folders won't be recorded. Not configured: + Same as Disabled. @@ -1842,15 +1872,18 @@ This policy setting allows you to enable or disable low CPU priority for schedul Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. Enabled: + Specify the mode in the Options section: -Block: Users and applications won't be able to access dangerous domains -Audit Mode: Users and applications can connect to dangerous domains, however if this feature would've blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: + Users and applications won't be blocked from connecting to dangerous domains. Not configured: + Same as Disabled. @@ -2088,15 +2121,19 @@ Allows an administrator to specify a list of files opened by processes to ignore Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. Enabled: + Specify the mode in the Options section: -Block: Potentially unwanted software will be blocked. + -Audit Mode: Potentially unwanted software won't be blocked, however if this feature would've blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: + Potentially unwanted software won't be blocked. Not configured: + Same as Disabled. @@ -2165,9 +2202,10 @@ This policy setting allows you to configure monitoring for incoming and outgoing Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. The options for this setting are mutually exclusive: + 0 = Scan incoming and outgoing files (default) 1 = Scan incoming files only -2 = Scan outgoing files only +2 = Scan outgoing files only. Any other value, or if the value doesn't exist, resolves to the default (0). @@ -2238,8 +2276,9 @@ Any other value, or if the value doesn't exist, resolves to the default (0). This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: + 1 = Quick Scan (default) -2 = Full Scan +2 = Full Scan. - If you enable this setting, the scan type will be set to the specified value. @@ -2368,15 +2407,8 @@ This policy setting allows you to specify the time of day at which to perform a This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all. This setting can be configured with the following ordinal number values: -(0x0) Every Day -(0x1) Sunday -(0x2) Monday -(0x3) Tuesday -(0x4) Wednesday -(0x5) Thursday -(0x6) Friday -(0x7) Saturday -(0x8) Never (default) + +(0x0) Every Day (0x1) Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) - If you enable this setting, a scheduled scan will run at the frequency specified. @@ -2564,7 +2596,7 @@ If you disable or don't configure this setting, security intelligence will be re -This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares" +This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares". For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }` @@ -2744,10 +2776,8 @@ This policy setting allows you to specify an interval at which to check for secu This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: -(0x0) Always prompt -(0x1) Send safe samples automatically -(0x2) Never send -(0x3) Send all samples automatically. + +(0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically. @@ -2815,12 +2845,14 @@ Possible options are: This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken. Valid threat alert levels are: + 1 = Low 2 = Medium 4 = High -5 = Severe +5 = Severe. Valid remediation action values are: + 2 = Quarantine 3 = Remove 6 = Ignore. diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 85af3b232c..d38b2f6b8f 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -4,7 +4,7 @@ description: Learn more about the DeliveryOptimization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1509,8 +1509,11 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts Set this policy to restrict peer selection via selected option. Options available are: + 0 = NAT. + 1 = Subnet mask. + 2 = Local discovery (DNS-SD). The default value has changed from 0 (no restriction) to 1 (restrict to the subnet). diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 1389673315..54c24ec458 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceInstallation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -43,8 +43,9 @@ This policy setting allows you to specify a list of Plug and Play hardware IDs a When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: - - Prevent installation of devices that match these device IDs - - Prevent installation of devices that match any of these device instance IDs +- Prevent installation of devices that match these device IDs +- Prevent installation of devices that match any of these device instance IDs. + If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] @@ -145,7 +146,8 @@ This policy setting allows you to specify a list of Plug and Play device instanc When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: - - Prevent installation of devices that match any of these device instance IDs +- Prevent installation of devices that match any of these device instance IDs. + If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] @@ -248,9 +250,10 @@ This policy setting allows you to specify a list of device setup class globally When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: - - Prevent installation of devices for these device classes - - Prevent installation of devices that match these device IDs - - Prevent installation of devices that match any of these device instance IDs +- Prevent installation of devices for these device classes +- Prevent installation of devices that match these device IDs +- Prevent installation of devices that match any of these device instance IDs. + If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] @@ -357,31 +360,31 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows: -Device instance IDs > Device IDs > Device setup class > Removable devices +Device instance IDs > Device IDs > Device setup class > Removable devices. -Device instance IDs +Device instance IDs. 1. Prevent installation of devices using drivers that match these device instance IDs -2. Allow installation of devices using drivers that match these device instance IDs +2. Allow installation of devices using drivers that match these device instance IDs. -Device IDs +Device IDs. 3. Prevent installation of devices using drivers that match these device IDs -4. Allow installation of devices using drivers that match these device IDs +4. Allow installation of devices using drivers that match these device IDs. -Device setup class +Device setup class. 5. Prevent installation of devices using drivers that match these device setup classes -6. Allow installation of devices using drivers that match these device setup classes +6. Allow installation of devices using drivers that match these device setup classes. -Removable devices +Removable devices. -7. Prevent installation of removable devices +7. Prevent installation of removable devices. > [!NOTE] > This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored. -If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device. +If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..". policy settings have precedence over any other policy setting that allows Windows to install a device. diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index e8c6feb635..9481c59de0 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -4,7 +4,7 @@ description: Learn more about the Education Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,6 +38,7 @@ ms.topic: reference This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. + - If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. - If you enable or don't configure this policy setting, users will be able to access graphing functionality. @@ -144,6 +145,7 @@ The policy value is expected to be the name (network host name) of an installed This policy setting allows you to control whether EDU-specific theme packs are available in Settings > Personalization. + - If you disable or don't configure this policy setting, EDU-specific theme packs won't be included. - If you enable this policy setting, users will be able to personalize their devices with EDU-specific themes. @@ -246,7 +248,7 @@ This policy setting allows tenant to control whether to declare this OS as an ed Prevents users from using familiar methods to add local and network printers. -- If this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Printer from the Printers folder in Control Panel. +- If this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer). This setting also removes Add Printer from the Printers folder in Control Panel. Also, users can't add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action. diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index f96eb7a075..98e5bc674b 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -4,7 +4,7 @@ description: Learn more about the Experience Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,7 +42,9 @@ ms.topic: reference This policy setting determines whether history of Clipboard contents can be stored in memory. - If you enable this policy setting, history of Clipboard contents are allowed to be stored. + - If you disable this policy setting, history of Clipboard contents aren't allowed to be stored. + Policy change takes effect immediately. @@ -168,6 +170,7 @@ This policy is deprecated. This policy setting specifies whether Cortana is allowed on the device. - If you enable or don't configure this setting, Cortana will be allowed on the device. + - If you disable this setting, Cortana will be turned off. When Cortana is off, users will still be able to use search to find things on the device. @@ -603,6 +606,7 @@ Allow SIM error dialog prompts when no SIM is inserted. Specifies whether Spotlight collection is allowed as a Personalization->Background Setting. - If you enable this policy setting, Spotlight collection will show as an option in the user's Personalization Settings, and the user will be able to get daily images from Microsoft displayed on their desktop. + - If you disable this policy setting, Spotlight collection won't show as an option in Personalization Settings, and the user won't have the choice of getting Microsoft daily images shown on their desktop. @@ -714,6 +718,7 @@ Allows or disallows all Windows sync settings on the device. For information abo This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. - If you enable this policy setting, Windows won't use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. + - If you disable or don't configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. Diagnostic data can include browser, app and feature usage, depending on the Diagnostic and usage data setting value. > [!NOTE] @@ -1016,6 +1021,7 @@ Prior to Windows 10, version 1803, this policy had User scope. This policy allow Specifies whether to turn off all Windows spotlight features at once. - If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. + - If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. Most restricted value is 0. @@ -1082,6 +1088,7 @@ Specifies whether to turn off all Windows spotlight features at once. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. - If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. + - If you disable or don't configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. Most restricted value is 0. @@ -1212,6 +1219,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. - If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. + - If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 34a00c32b7..048fcaf893 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the InternetExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1500,7 +1500,7 @@ For more information, see This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. -Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) +Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer). - If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information: @@ -2066,22 +2066,26 @@ Enables you to configure up to three versions of Microsoft Edge to open a redire If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur: - - If you disable or don't configure this policy, Microsoft Edge Stable channel is used. This is the default behavior. - - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: +- If you disable or don't configure this policy, Microsoft Edge Stable channel is used. This is the default behavior. + +- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: + 1 = Microsoft Edge Stable 2 = Microsoft Edge Beta version 77 or later 3 = Microsoft Edge Dev version 77 or later -4 = Microsoft Edge Canary version 77 or later +4 = Microsoft Edge Canary version 77 or later. If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel aren't installed, the following behaviors occur: - - If you disable or don't configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior. - - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: +- If you disable or don't configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior. + +- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: + 0 = Microsoft Edge version 45 or earlier 1 = Microsoft Edge Stable 2 = Microsoft Edge Beta version 77 or later 3 = Microsoft Edge Dev version 77 or later -4 = Microsoft Edge Canary version 77 or later +4 = Microsoft Edge Canary version 77 or later. - For more information about the Windows update for the next version of Microsoft Edge including how to disable it, see< https://go.microsoft.com/fwlink/?linkid=2102115>. This update applies only to Windows 10 version 1709 and higher. @@ -3117,8 +3121,9 @@ This policy setting prevents Internet Explorer from running the First Run wizard - If you enable this policy setting, you must make one of the following choices: - - Skip the First Run wizard, and go directly to the user's home page. - - Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. +- Skip the First Run wizard, and go directly to the user's home page. + +- Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcome to Internet Explorer" webpage isn't available. The user's home page will display regardless of which option is chosen. @@ -3568,10 +3573,13 @@ This policy lets you restrict launching of Internet Explorer as a standalone bro If you enable this policy, it: - - Prevents Internet Explorer 11 from launching as a standalone browser. - - Restricts Internet Explorer's usage to Microsoft Edge's native 'Internet Explorer mode'. - - Redirects all attempts at launching Internet Explorer 11 to Microsoft Edge Stable Channel browser. - - Overrides any other policies that redirect to Internet Explorer 11. +- Prevents Internet Explorer 11 from launching as a standalone browser. + +- Restricts Internet Explorer's usage to Microsoft Edge's native 'Internet Explorer mode'. + +- Redirects all attempts at launching Internet Explorer 11 to Microsoft Edge Stable Channel browser. + +- Overrides any other policies that redirect to Internet Explorer 11. If you disable, or don't configure this policy, all sites are opened using the current active browser settings. @@ -4170,7 +4178,7 @@ When Enhanced Protected Mode is enabled, and a user encounters a website that at Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. -- If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.) +- If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button). - If you disable this policy or don't configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone. @@ -4374,9 +4382,9 @@ This policy setting allows you to manage a list of domains on which Internet Exp - If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: 1. "domain.name. TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" -2. "hostname". For example, if you want to include https://example, use "example" +2. "hostname". For example, if you want to include https://example, use "example". -3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm" +3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm". - If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. @@ -4505,6 +4513,7 @@ For more information, see This setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications. + The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser. - If you enable this policy, Internet Explorer mode will use the global window list. @@ -7878,8 +7887,8 @@ We strongly recommend keeping this policy in sync with the 'Send all intranet si Related policies: - - Send all intranet sites to Internet Explorer ('SendIntranetToInternetExplorer') - - Send all sites not included in the Enterprise Mode Site List to Microsoft Edge ('RestrictIE') +- Send all intranet sites to Internet Explorer ('SendIntranetToInternetExplorer') +- Send all sites not included in the Enterprise Mode Site List to Microsoft Edge ('RestrictIE') For more info about how to use this policy together with other related policies to create the optimal configuration for your organization, see< https://go.microsoft.com/fwlink/?linkid=2094210>. diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 2b2d6da783..3368906aa4 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -226,7 +226,7 @@ This policy setting controls whether a device will request claims and compound a This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication. -- If you enable this policy, you will be able to configure one of four states for each algorithm: +- If you enable this policy, you'll be able to configure one of four states for each algorithm: - "Default" sets the algorithm to the recommended state. diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index e76faff2df..45c8c19788 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -4,7 +4,7 @@ description: Learn more about the LanmanWorkstation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -43,7 +43,7 @@ This policy setting determines if the SMB client will allow insecure guest logon - If you disable this policy setting, the SMB client will reject insecure guest logons. -Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access." +Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access". diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 48bbbb7152..430bd00cd2 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -4,7 +4,7 @@ description: Learn more about the Licensing Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,11 +38,12 @@ ms.topic: reference This policy setting controls whether OS Reactivation is blocked on a device. + Policy Options: - - Not Configured (default -- Windows registration and reactivation is allowed) - - Disabled (Windows registration and reactivation isn't allowed) - - Enabled (Windows registration is allowed) +- Not Configured (default -- Windows registration and reactivation is allowed) +- Disabled (Windows registration and reactivation isn't allowed) +- Enabled (Windows registration is allowed) @@ -106,12 +107,14 @@ Policy Options: This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. + If you disable or don't configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates. + Policy Options: - - Not Configured (default -- data will be automatically sent to Microsoft) - - Disabled (data will be automatically sent to Microsoft) - - Enabled (data won't be sent to Microsoft) +- Not Configured (default -- data will be automatically sent to Microsoft) +- Disabled (data will be automatically sent to Microsoft) +- Enabled (data won't be sent to Microsoft) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 8af0dde209..3a0caa4237 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -4,7 +4,7 @@ description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CS author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -335,7 +335,7 @@ Accounts: Rename administrator account This security setting determines whether -Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. +Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest". Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. @@ -497,6 +497,7 @@ Devices: Allow undock without having to log on This security setting determines Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. - If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. + - If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. Default on servers: Enabled. Default on workstations: Disabled Notes This setting doesn't affect the ability to add a local printer. This setting doesn't affect Administrators. @@ -1054,6 +1055,7 @@ Interactive logon: Smart card removal behavior This security setting determines Microsoft network client: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. - If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. + - If this policy is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled. > [!IMPORTANT] @@ -1121,6 +1123,7 @@ Microsoft network client: Digitally sign communications (always) This security s Microsoft network client: Digitally sign communications (if server agrees) This security setting determines whether the SMB client attempts to negotiate SMB packet signing. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server. - If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. + - If this policy is disabled, the SMB client will never negotiate SMB packet signing. Default: Enabled. > [!NOTE] @@ -1243,6 +1246,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted. - If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. + - If this setting is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled for member servers. Enabled for domain controllers. > [!NOTE] @@ -1310,6 +1314,7 @@ Microsoft network server: Digitally sign communications (always) This security s Microsoft network server: Digitally sign communications (if client agrees) This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it. - If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. + - If this policy is disabled, the SMB client will never negotiate SMB packet signing. Default: Enabled on domain controllers only. > [!IMPORTANT] @@ -1372,7 +1377,9 @@ Microsoft network server: Digitally sign communications (if client agrees) This Network access: Allow anonymous SID/name translation This policy setting determines whether an anonymous user can request security identifier (SID) attributes for another user. + - If this policy is enabled, an anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects both the SID-to-name translation as well as the name-to-SID translation. + - If this policy setting is disabled, an anonymous user can't request the SID attribute for another user. Default on workstations and member servers: Disabled. Default on domain controllers running Windows Server 2008 or later: Disabled. Default on domain controllers running Windows Server 2003 R2 or earlier: Enabled. @@ -1659,6 +1666,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy Network security: Allow Local System to use computer identity for NTLM This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. - If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error. + - If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. By default, this policy is enabled on Windows 7 and above. By default, this policy is disabled on Windows Vista. This policy is supported on at least Windows Vista or Windows Server 2008. > [!NOTE] @@ -2091,7 +2099,9 @@ Network security: Minimum session security for NTLM SSP based (including secure Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured. + - If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication. + - If you don't configure this policy setting, no exceptions will be applied. The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character. diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index cc236267c3..de3dcc67d2 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -4,7 +4,7 @@ description: Learn more about the LocalUsersAndGroups Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,7 +42,6 @@ Possible settings: 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. When using Update, existing group members that aren't specified in the policy remain untouched. - 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. When using Replace, existing group membership is replaced by the list of members specified in the add member section. This option works in the same way as a Restricted Group and any group diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index a3113f2aed..6bf3263e8a 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -400,25 +400,32 @@ This policy setting specifies a set of parameters for controlling the Windows NT - If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. -NtpServer +NtpServer. + The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09". -Type +Type. + This value controls the authentication that W32time uses. The default value is NT5DS. -CrossSiteSyncFlags +CrossSiteSyncFlags. + This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal). -ResolvePeerBackoffMinutes +ResolvePeerBackoffMinutes. + This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. -ResolvePeerBackoffMaxTimes +ResolvePeerBackoffMaxTimes. + This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. -SpecialPollInterval +SpecialPollInterval. + This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that's set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. -EventLogFlags +EventLogFlags. + This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 2d2008a5b7..372eef8d37 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkIsolation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,7 +45,7 @@ Contains a list of Enterprise resource domains hosted in the cloud. Connections If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the Intranet proxy servers for apps policy. -Example: [cloudresource]|[cloudresource]|[cloudresource],[proxy]|[cloudresource]|[cloudresource],[proxy]| +Example: [cloudresource]|[cloudresource]|[cloudresource],[proxy]|[cloudresource]|[cloudresource],[proxy]|. For more information see: diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 6a7e6d6ca2..d6ebc245a3 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -4,7 +4,7 @@ description: Learn more about the NewsAndInterests Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,7 +38,9 @@ ms.topic: reference This policy specifies whether the widgets feature is allowed on the device. + Widgets will be turned on by default unless you change this in your settings. + If you turned this feature on before, it will stay on automatically unless you turn it off. diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 9baca25d58..65ea9ad54a 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -262,6 +262,7 @@ No reboots or service restarts are required for this policy setting to take effe This policy setting turns on multiple expanded toast notifications in action center. - If you enable this policy setting, the first three notifications of each application will be expanded by default in action center. + - If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect. diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 496798b187..1df08d3e35 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -4,7 +4,7 @@ description: Learn more about the Power Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -689,7 +689,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. @@ -765,7 +765,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. @@ -841,7 +841,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. @@ -917,7 +917,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. @@ -993,7 +993,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. @@ -1069,7 +1069,7 @@ Possible actions include: -Take no action -Sleep -Hibernate --Shut down +-Shut down. - If you enable this policy setting, you must select the desired action. diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index a21ad776d3..0236d23909 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -4,7 +4,7 @@ description: Learn more about the Printers Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -380,9 +380,9 @@ You can enable this setting to configure the Redirection Guard policy being appl - If you enable this setting you may select the following options: -- Enabled: Redirection Guard will prevent any file redirections from being followed +- Enabled: Redirection Guard will prevent any file redirections from being followed. -- Disabled: Redirection Guard won't be enabled and file redirections may be used within the spooler process +- Disabled: Redirection Guard won't be enabled and file redirections may be used within the spooler process. - Audit: Redirection Guard will log events as though it were enabled but won't actually prevent file redirections from being used within the spooler. @@ -499,14 +499,14 @@ By default, RPC over TCP is used and authentication is always enabled. For RPC o Protocol to use for outgoing RPC connections: - - "RPC over TCP": Use RPC over TCP for outgoing RPC connections to a remote print spooler - - "RPC over named pipes": Use RPC over named pipes for outgoing RPC connections to a remote print spooler +- "RPC over TCP": Use RPC over TCP for outgoing RPC connections to a remote print spooler +- "RPC over named pipes": Use RPC over named pipes for outgoing RPC connections to a remote print spooler. Use authentication for outgoing RPC over named pipes connections: - - "Default": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes - - "Authentication enabled": RPC authentication will be used for outgoing RPC over named pipes connections - - "Authentication disabled": RPC authentication won't be used for outgoing RPC over named pipes connections +- "Default": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes +- "Authentication enabled": RPC authentication will be used for outgoing RPC over named pipes connections +- "Authentication disabled": RPC authentication won't be used for outgoing RPC over named pipes connections. If you disable or don't configure this policy setting, the above defaults will be used. @@ -568,14 +568,14 @@ By default, RPC over TCP is enabled and Negotiate is used for the authentication Protocols to allow for incoming RPC connections: - - "RPC over named pipes": Incoming RPC connections are only allowed over named pipes - - "RPC over TCP": Incoming RPC connections are only allowed over TCP (the default option) - - "RPC over named pipes and TCP": Incoming RPC connections will be allowed over TCP and named pipes +- "RPC over named pipes": Incoming RPC connections are only allowed over named pipes +- "RPC over TCP": Incoming RPC connections are only allowed over TCP (the default option) +- "RPC over named pipes and TCP": Incoming RPC connections will be allowed over TCP and named pipes. Authentication protocol to use for incoming RPC connections: - - "Negotiate": Use the Negotiate authentication protocol (the default option) - - "Kerberos": Use the Kerberos authentication protocol +- "Negotiate": Use the Negotiate authentication protocol (the default option) +- "Kerberos": Use the Kerberos authentication protocol. If you disable or don't configure this policy setting, the above defaults will be used. @@ -637,7 +637,7 @@ By default dynamic TCP ports are used. RPC over TCP port: - - The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used +- The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used. If you disable or don't configure this policy setting, dynamic TCP ports are used. @@ -880,21 +880,29 @@ This policy setting controls the client Point and Print behavior, including the - If you enable this policy setting: -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made. + -You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated. - If you don't configure this policy setting: -Windows Vista client computers can point and print to any server. + -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. + -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. + -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - If you disable this policy setting: -Windows Vista client computers can create a printer connection to any server using Point and Print. + -Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. + -Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. + -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. + -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). @@ -955,21 +963,29 @@ This policy setting controls the client Point and Print behavior, including the - If you enable this policy setting: -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made. + -You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated. - If you don't configure this policy setting: -Windows Vista client computers can point and print to any server. + -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. + -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. + -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - If you disable this policy setting: -Windows Vista client computers can create a printer connection to any server using Point and Print. + -Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. + -Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. + -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. + -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index be4b3f472d..28175d1f22 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -92,7 +92,9 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con This policy setting determines whether Clipboard contents can be synchronized across devices. - If you enable this policy setting, Clipboard contents are allowed to be synchronized across devices logged in under the same Microsoft account or Azure AD account. + - If you disable this policy setting, Clipboard contents can't be shared to other devices. + Policy change takes effect immediately. @@ -375,7 +377,9 @@ In some managed environments, the privacy settings may be set by other policies. This policy setting determines whether ActivityFeed is enabled. - If you enable this policy setting, all activity types (as applicable) are allowed to be published and ActivityFeed shall roam these activities across device graph of the user. + - If you disable this policy setting, activities can't be published and ActivityFeed shall disable cloud sync. + Policy change takes effect immediately. @@ -6569,7 +6573,9 @@ If an app is open when this Group Policy object is applied on a device, employee This policy setting determines whether User Activities can be published. - If you enable this policy setting, activities of type User Activity are allowed to be published. + - If you disable this policy setting, activities of type User Activity aren't allowed to be published. + Policy change takes effect immediately. @@ -6638,8 +6644,11 @@ For more information, see [Windows activity history and your privacy](https://su This policy setting determines whether published User Activities can be uploaded. - If you enable this policy setting, activities of type User Activity are allowed to be uploaded. + - If you disable this policy setting, activities of type User Activity aren't allowed to be uploaded. + Deletion of activities of type User Activity are independent of this setting. + Policy change takes effect immediately. diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 91aca6c11a..e241740d64 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteAssistance Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -173,7 +173,7 @@ This policy setting allows you to turn on or turn off Solicited (Ask for) Remote - If you don't configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings. -- If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." +- If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer". The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open. @@ -242,35 +242,37 @@ This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote - If you don't configure this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. -- If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance. +- If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer". When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance. -To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format: +To configure the list of helpers, click "Show". In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format: -``\\`` or +``\\`` or. ``\\`` - If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running. -Windows Vista and later +Windows Vista and later. Enable the Remote Assistance exception for the domain profile. The exception must contain: + Port 135:TCP %WINDIR%\System32\msra.exe -%WINDIR%\System32\raserver.exe +%WINDIR%\System32\raserver.exe. Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe -%WINDIR%\System32\Sessmgr.exe +%WINDIR%\System32\Sessmgr.exe. For computers running Windows Server 2003 with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe +%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe. + Allow Remote Desktop Exception. diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index a8fd231e77..44e7a1f931 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktopServices Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -116,9 +116,9 @@ Specifies whether to require the use of a specific encryption level to secure co - If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy. -Important +Important. -FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. +FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options). The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 20898c239f..550fbeae03 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -4,7 +4,7 @@ description: Learn more about the Search Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -228,7 +228,9 @@ This policy controls whether the user can configure search to *Find My Files* mo This policy setting allows encrypted items to be indexed. - If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). + - If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting isn't configured by default. + - If you don't configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. @@ -483,7 +485,9 @@ This policy has been deprecated. This policy setting allows words that contain diacritic characters to be treated as separate words. - If you enable this policy setting, words that only differ in diacritics are treated as different words. + - If you disable this policy setting, words with diacritics and words without diacritics are treated as identical words. This policy setting isn't configured by default. + - If you don't configure this policy setting, the local setting, configured through Control Panel, will be used. > [!NOTE] @@ -596,6 +600,7 @@ Allow Windows indexer. Value type is integer. This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing history. - If you enable this policy setting, Windows will always use automatic language detection to index (as it did in Windows 7). Using automatic language detection can increase memory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. + - If you disable or don't configure this policy setting, Windows will use automatic language detection only when it can determine the language of a document with high confidence. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index c4560c25f4..8ed5d9c722 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -4,7 +4,7 @@ description: Learn more about the Settings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -730,11 +730,11 @@ This policy has two modes: it can either specify a list of settings pages to sho Example: to specify that only the About and Bluetooth pages should be shown (their respective URIs are ms-settings:about and ms-settings:bluetooth) and all other pages hidden: -showonly:about;bluetooth +showonly:about;bluetooth. Example: to specify that only the Bluetooth page (which has URI ms-settings:bluetooth) should be hidden: -hide:bluetooth +hide:bluetooth. The availability of per-user support is documented here: diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 7cb8b3629e..65fcee902c 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -4,7 +4,7 @@ description: Learn more about the SmartScreen Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -41,13 +41,13 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot - If you enable this setting, you must choose from the following behaviors: -- Turn off app recommendations +- Turn off app recommendations. -- Show me app recommendations +- Show me app recommendations. -- Warn me before installing apps from outside the Store +- Warn me before installing apps from outside the Store. -- Allow apps from Store only +- Allow apps from Store only. - If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet. @@ -123,7 +123,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t - If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - Warn and prevent bypass -- Warn +- Warn. - If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. @@ -201,7 +201,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t - If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - Warn and prevent bypass -- Warn +- Warn. - If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 4b2f62cf0c..a4e21ea68d 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1998,6 +1998,7 @@ To validate this policy, do the following steps: This policy setting allows you to control pinning programs to the Taskbar. - If you enable this policy setting, users can't change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users can't unpin these programs already pinned to the Taskbar, and they can't pin new programs to the Taskbar. + - If you disable or don't configure this policy setting, users can change the programs currently pinned to the Taskbar. @@ -2203,6 +2204,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its configuration. The Start layout you specify must be stored in an XML file that was generated by the Export-StartLayout PowerShell cmdlet. + To use this setting, you must first manually configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\Layout.xml. If the specified file isn't available when the user logs on, the layout won't be changed. Users can't customize their Start screen while this setting is enabled. diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index da0068fd9c..18fc7fc7db 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -4,7 +4,7 @@ description: Learn more about the Storage Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,12 +42,15 @@ ms.topic: reference Allows downloading new updates to ML Model parameters for predicting storage disk failure. Enabled: + Updates would be downloaded for the Disk Failure Prediction Failure Model. Disabled: + Updates wouldn't be downloaded for the Disk Failure Prediction Failure Model. Not configured: + Same as Enabled. @@ -114,12 +117,15 @@ Same as Enabled. Storage Sense can automatically clean some of the user's files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the "Configure Storage Sense cadence" group policy. Enabled: + Storage Sense is turned on for the machine, with the default cadence as 'during low free disk space'. Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the "Configure Storage Sense cadence" group policy). Disabled: + Storage Sense is turned off the machine. Users can't enable Storage Sense. Not Configured: + By default, Storage Sense is turned off until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings. @@ -188,12 +194,15 @@ When Storage Sense runs, it can delete the user's temporary files that aren't in If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: + Storage Sense will delete the user's temporary files that aren't in use. Users can't disable this setting in Storage settings. Disabled: + Storage Sense won't delete the user's temporary files. Users can't enable this setting in Storage settings. Not Configured: + By default, Storage Sense will delete the user's temporary files. Users can configure this setting in Storage settings. @@ -262,10 +271,13 @@ When Storage Sense runs, it can dehydrate cloud-backed content that hasn't been If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: + You must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0 - 365. + If you set this value to zero, Storage Sense won't dehydrate any cloud-backed content. The default value is 0, or never dehydrating cloud-backed content. Disabled or Not Configured: + By default, Storage Sense won't dehydrate any cloud-backed content. Users can configure this setting in Storage settings. @@ -325,10 +337,13 @@ When Storage Sense runs, it can delete files in the user's Downloads folder if t If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: + You must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from Downloads folder. Supported values are: 0 - 365. + If you set this value to zero, Storage Sense won't delete files in the user's Downloads folder. The default is 0, or never deleting files in the Downloads folder. Disabled or Not Configured: + By default, Storage Sense won't delete files in the user's Downloads folder. Users can configure this setting in Storage settings. @@ -388,9 +403,11 @@ Storage Sense can automatically clean some of the user's files to free up disk s If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: + You must provide the desired Storage Sense cadence. Supported options are: daily, weekly, monthly, and during low free disk space. The default is 0 (during low free disk space). Disabled or Not Configured: + By default, the Storage Sense cadence is set to "during low free disk space". Users can configure this setting in Storage settings. @@ -457,10 +474,13 @@ When Storage Sense runs, it can delete files in the user's Recycle Bin if they'v If the group policy "Allow Storage Sense" is disabled, then this policy doesn't have any effect. Enabled: + You must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0 - 365. + If you set this value to zero, Storage Sense won't delete files in the user's Recycle Bin. The default is 30 days. Disabled or Not Configured: + By default, Storage Sense will delete files in the user's Recycle Bin that have been there for over 30 days. Users can configure this setting in Storage settings. @@ -581,7 +601,7 @@ This policy setting denies write access to removable disks. - If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!NOTE] -> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." +> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives". diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index fe0d8004e6..3675d15cfb 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -4,7 +4,7 @@ description: Learn more about the System Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -112,13 +112,16 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage AllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. + To enable this behavior: 1. Enable this policy setting -2. Join an Azure Active Directory account to the device +2. Join an Azure Active Directory account to the device. + +Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device. -Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing". + See the documentation at for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data. @@ -187,15 +190,17 @@ See the documentation at for i This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. + To enable this behavior: 1. Enable this policy setting -2. Join an Azure Active Directory account to the device +2. Join an Azure Active Directory account to the device. 3. Set Allow Telemetry to value 1 - Required, or higher -4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace +4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. + This setting has no effect on devices unless they're properly enrolled in Desktop Analytics. If you disable this policy setting, devices won't appear in Desktop Analytics. @@ -675,12 +680,15 @@ Controls whether the user is allowed to use the storage card for device storage. By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and doesn't apply to any additional apps installed by your organization. - Diagnostic data off (not recommended). Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions. + - Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the "Optional diagnostic data" control in the Settings app. + - Send optional diagnostic data. Additional diagnostic data is collected that helps us to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the "Limit Dump Collection" and the "Limit Diagnostic Log Collection" policies for more granular control of what optional diagnostic data is sent. If you disable or don't configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app. Note: + The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings. @@ -745,15 +753,17 @@ The "Configure diagnostic data opt-in settings user interface" group policy can This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. + To enable this behavior: 1. Enable this policy setting -2. Join an Azure Active Directory account to the device +2. Join an Azure Active Directory account to the device. 3. Set Allow Telemetry to value 1 - Required, or higher -4. Set the Configure the Commercial ID setting for your Update Compliance workspace +4. Set the Configure the Commercial ID setting for your Update Compliance workspace. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. + If you disable or don't configure this policy setting, devices won't appear in Update Compliance. @@ -868,14 +878,16 @@ Specifies whether to allow the user to factory reset the device by using control This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. + To enable this behavior: 1. Enable this policy setting -2. Join an Azure Active Directory account to the device +2. Join an Azure Active Directory account to the device. -3. Set Allow Telemetry to value 1 - Required, or higher +3. Set Allow Telemetry to value 1 - Required, or higher. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. + If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features. @@ -942,12 +954,15 @@ If you disable or don't configure this policy setting, devices enrolled to the W This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: - - Good: The driver has been signed and hasn't been tampered with. - - Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized. - - Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver. - - Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver. +- Good: The driver has been signed and hasn't been tampered with. -- If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started. +- Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized. + +- Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver. + +- Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver. + +- If you enable this policy setting you'll be able to choose which boot-start drivers to initialize the next time the computer is started. - If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. @@ -1009,6 +1024,7 @@ If your malware detection application doesn't include an Early Launch Antimalwar This policy sets the upload endpoint for this device's diagnostic data as part of the Desktop Analytics program. If your organization is participating in the program and has been instructed to configure a custom upload endpoint, then use this setting to define that endpoint. + The value for this setting will be provided by Microsoft as part of the onboarding process for the program. @@ -1135,6 +1151,7 @@ If you set this policy setting to "Disable diagnostic data opt-in settings", dia If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app. Note: + To set a limit on the amount of diagnostic data that's sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting. @@ -1454,9 +1471,13 @@ This policy setting lets you prevent apps and features from working with files o - If you enable this policy setting: * Users can't access OneDrive from the OneDrive app and file picker. + * Windows Store apps can't access OneDrive using the WinRT API. + * OneDrive doesn't appear in the navigation pane in File Explorer. + * OneDrive files aren't kept in sync with the cloud. + * Users can't automatically upload photos and videos from the camera roll folder. - If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage. @@ -1972,10 +1993,10 @@ This policy setting, in combination with the "Allow Diagnostic Data" policy sett To enable the behavior described above, complete the following steps: 1. Enable this policy setting -2. Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data" +2. Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data". 3. Enable the "Limit Dump Collection" policy -4. Enable the "Limit Diagnostic Log Collection" policy +4. Enable the "Limit Diagnostic Log Collection" policy. When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at< https://go.microsoft.com/fwlink/?linkid=2116020>. diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index 0015fd1d3c..423c7eb410 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -4,7 +4,7 @@ description: Learn more about the TenantRestrictions Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -49,6 +49,7 @@ When you enable this setting, compliant applications will be prevented from acce Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information. + For details about setting up WDAC with tenant restrictions, see diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 8cf24f2de2..7e5bd5f9ea 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -4,7 +4,7 @@ description: Learn more about the TextInput Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -658,11 +658,11 @@ Allows the user to turn on or off the automatic downloading of newer versions of -This policy setting controls the version of Microsoft IME. +This policy setting controls the version of Microsoft IME. -- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. +- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. - If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. @@ -733,11 +733,11 @@ This Policy setting applies only to Microsoft Japanese IME. -This policy setting controls the version of Microsoft IME. +This policy setting controls the version of Microsoft IME. -- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. +- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. - If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. @@ -799,11 +799,11 @@ This Policy setting applies only to Microsoft Korean IME. -This policy setting controls the version of Microsoft IME. +This policy setting controls the version of Microsoft IME. -- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. +- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. - If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. @@ -874,11 +874,11 @@ This Policy setting applies only to Microsoft Simplified Chinese IME. -This policy setting controls the version of Microsoft IME. +This policy setting controls the version of Microsoft IME. -- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. +- If you don't configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default. -- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. +- If you enable this, user isn't allowed to control IME version to use. The previous version of Microsoft IME is always selected. - If you disable this, user isn't allowed to control IME version to use. The new Microsoft IME is always selected. diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 5d793747db..a2c178b25b 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -4,7 +4,7 @@ description: Learn more about the Troubleshooting Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -42,23 +42,31 @@ This policy setting configures how troubleshooting for known problems can be app Not configuring this policy setting will allow the user to configure how troubleshooting is applied. Enabling this policy allows you to configure how troubleshooting is applied on the user's device. You can select from one of the following values: + 0 = Don't allow users, system features, or Microsoft to apply troubleshooting. + 1 = Only automatically apply troubleshooting for critical problems by system features and Microsoft. + 2 = Automatically apply troubleshooting for critical problems by system features and Microsoft. Notify users when troubleshooting for other problems is available and allow users to choose to apply or ignore. + 3 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Notify users when troubleshooting has solved a problem. + 4 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Don't notify users when troubleshooting has solved a problem. + 5 = Allow the user to choose their own troubleshooting settings. After setting this policy, you can use the following instructions to check devices in your domain for available troubleshooting from Microsoft: 1. Create a bat script with the following contents: -rem The following batch script triggers Recommended Troubleshooting -schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" + +rem The following batch script triggers Recommended Troubleshooting schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner". 2. To create a new immediate task, navigate to the Group Policy Management Editor > Computer Configuration > Preferences and select Control Panel Settings. + 3. Under Control Panel settings, right-click on Scheduled Tasks and select New. Select Immediate Task (At least Windows 7). 4. Provide name and description as appropriate, then under Security Options set the user account to System and select the Run with highest privileges checkbox. + 5. In the Actions tab, create a new action, select Start a Program as its type, then enter the file created in step 1. 6. Configure the task to deploy to your domain. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 022286e154..7bf033e87e 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -363,7 +363,7 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w Enable this policy to specify when to receive Feature Updates. -Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo +Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo. Pause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused. @@ -433,7 +433,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you Enable this policy to specify when to receive Feature Updates. -Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo +Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo. Pause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused. @@ -679,22 +679,25 @@ If you disable or don't configure this policy, Windows Update will include updat Enable this policy to manage which updates you receive prior to the update being released to the world. -Dev Channel +Dev Channel. + Ideal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that's earliest in a development cycle. These builds aren't matched to a specific Windows 10 release. -Beta Channel +Beta Channel. + Ideal for feature explorers who want to see upcoming Windows 10 features. Your feedback will be especially important here as it will help our engineers ensure key issues are fixed before a major release. Release Preview Channel (default) Insiders in the Release Preview Channel will have access to the upcoming release of Windows 10 prior to it being released to the world. These builds are supported by Microsoft. The Release Preview Channel is where we recommend companies preview and validate upcoming Windows 10 releases before broad deployment within their organization. -Release Preview Channel, Quality Updates Only +Release Preview Channel, Quality Updates Only. + Ideal for those who want to validate the features and fixes coming soon to their current version. Note, released feature updates will continue to be offered in accordance with configured policies when this option is selected. > [!NOTE] > Preview Build enrollment requires a telemetry level setting of 2 or higher and your domain registered on insider.windows.com. For additional information on Preview Builds, see: -If you disable or don't configure this policy, Windows Update won't offer you any pre-release updates and you will receive such content once released to the world. Disabling this policy will cause any devices currently on a pre-release build to opt out and stay on the latest Feature Update once released. +If you disable or don't configure this policy, Windows Update won't offer you any pre-release updates and you'll receive such content once released to the world. Disabling this policy will cause any devices currently on a pre-release build to opt out and stay on the latest Feature Update once released. @@ -760,7 +763,7 @@ If you disable or don't configure this policy, Windows Update won't offer you an Enable this policy to specify when to receive Feature Updates. -Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo +Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo. Pause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused. @@ -1008,13 +1011,13 @@ Specifies the date and time when the IT admin wants to start pausing the Quality Enter the product and version as listed on the Windows Update target version page: -aka.ms/WindowsTargetVersioninfo +aka.ms/WindowsTargetVersioninfo. The device will request that Windows Update product and version in subsequent scans. Entering a target product and clicking OK or Apply means I accept the Microsoft Software License Terms for it found at aka.ms/WindowsTargetVersioninfo. If an organization is licensing the software, I am authorized to bind the organization. -If you enter an invalid value, you will remain on your current version until you correct the values to a supported product and version. +If you enter an invalid value, you'll remain on your current version until you correct the values to a supported product and version. @@ -1076,13 +1079,13 @@ Supported value type is a string containing a Windows product. For example, "Win Enter the product and version as listed on the Windows Update target version page: -aka.ms/WindowsTargetVersioninfo +aka.ms/WindowsTargetVersioninfo. The device will request that Windows Update product and version in subsequent scans. Entering a target product and clicking OK or Apply means I accept the Microsoft Software License Terms for it found at aka.ms/WindowsTargetVersioninfo. If an organization is licensing the software, I am authorized to bind the organization. -If you enter an invalid value, you will remain on your current version until you correct the values to a supported product and version. +If you enter an invalid value, you'll remain on your current version until you correct the values to a supported product and version. @@ -1892,6 +1895,7 @@ Note that the PC must restart for certain updates to take effect. If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged-on users for scheduled automatic updates installations. + 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -2018,6 +2022,7 @@ Note that the PC must restart for certain updates to take effect. If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged-on users for scheduled automatic updates installations. + 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. @@ -2086,7 +2091,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -2252,7 +2257,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -2745,7 +2750,7 @@ Enable enterprises/IT admin to configure feature update uninstall period. 0 (default) - Use the default Windows Update notifications 1 - Turn off all notifications, excluding restart warnings -2 - Turn off all notifications, including restart warnings +2 - Turn off all notifications, including restart warnings. This policy allows you to define what Windows Update notifications users see. This policy doesn't control how and when updates are downloaded and installed. @@ -2827,7 +2832,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -2931,7 +2936,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3029,7 +3034,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3136,7 +3141,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3243,7 +3248,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3350,7 +3355,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3457,7 +3462,7 @@ This setting lets you specify whether automatic updates are enabled on this comp When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed +3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. @@ -3743,7 +3748,7 @@ These settings are designed for education devices that remain in carts overnight 0 (default) - Use the default Windows Update notifications 1 - Turn off all notifications, excluding restart warnings -2 - Turn off all notifications, including restart warnings +2 - Turn off all notifications, including restart warnings. This policy allows you to define what Windows Update notifications users see. This policy doesn't control how and when updates are downloaded and installed. @@ -3824,6 +3829,7 @@ If you disable or don't configure this policy, the PC will restart according to Enabling either of the following two policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations. + 2. Always automatically restart at scheduled time. @@ -3888,6 +3894,7 @@ If you disable or don't configure this policy, the PC will restart according to Enabling either of the following two policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations. + 2. Always automatically restart at scheduled time. @@ -4307,7 +4314,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. @@ -4377,7 +4384,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. @@ -4447,7 +4454,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. @@ -4517,7 +4524,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. @@ -4587,7 +4594,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. @@ -4657,7 +4664,7 @@ If you disable or don't configure this policy, the PC will restart following the Enabling any of the following policies will override the above policy: 1. No auto-restart with logged-on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time +2. Always automatically restart at scheduled time. 3. Specify deadline before auto-restart for update installation. diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 72571499bb..a4df2c7458 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -4,7 +4,7 @@ description: Learn more about the UserRights Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -172,7 +172,10 @@ This user right is used by Credential Manager during Backup/Restore. No accounts -This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services aren't affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. +This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services aren't affected by this user right. + +> [!NOTE] +> Remote Desktop Services was called Terminal Services in previous versions of Windows Server. @@ -1656,7 +1659,10 @@ This user right determines which users and groups can run maintenance tasks on a -This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. Note: This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. +This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. + +> [!NOTE] +> This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 6b9c3280f6..91b3d31ed2 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -4,7 +4,7 @@ description: Learn more about the Wifi Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -116,7 +116,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal - If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) +- If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional). By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index bd34cc6487..0c20a2e6ea 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsConnectionManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,10 +45,12 @@ This policy setting prevents computers from connecting to both a domain based ne Automatic connection attempts - When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked. + - When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked. Manual connection attempts - When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed. + - When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked. - If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks. diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 68793b34a9..9f244c43bf 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderSecurityCenter Area in Policy C author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -40,12 +40,15 @@ ms.topic: reference Specify the company name that will be displayed in Windows Security and associated notifications. This setting must be enabled for any contact information to appear. Enabled: + Enter the company name in the Options section. Disabled: + Company information won't be shown at all in either Windows Security or any notifications that it creates. Not configured: + Same as Disabled. @@ -102,12 +105,15 @@ Same as Disabled. Hide the Account protection area in Windows Security. Enabled: + The Account protection area will be hidden. Disabled: + The Account protection area will be shown. Not configured: + Same as Disabled. @@ -174,12 +180,15 @@ Same as Disabled. Hide the App and browser protection area in Windows Security. Enabled: + The App and browser protection area will be hidden. Disabled: + The App and browser protection area will be shown. Not configured: + Same as Disabled. @@ -246,12 +255,15 @@ Same as Disabled. Disable the Clear TPM button in Windows Security. Enabled: + The Clear TPM button will be unavailable for use. Disabled: + The Clear TPM button will be available for use. Not configured: + Same as Disabled. @@ -318,12 +330,15 @@ Same as Disabled. Hide the Device security area in Windows Security. Enabled: + The Device security area will be hidden. Disabled: + The Device security area will be shown. Not configured: + Same as Disabled. @@ -392,12 +407,15 @@ Only show critical notifications from Windows Security. If the Suppress all notifications GP setting has been enabled, this setting will have no effect. Enabled: + Local users will only see critical notifications from Windows Security. They won't see other types of notifications, such as regular PC or device health information. Disabled: + Local users will see all types of notifications from Windows Security. Not configured: + Same as Disabled. @@ -464,12 +482,15 @@ Same as Disabled. Hide the Family options area in Windows Security. Enabled: + The Family options area will be hidden. Disabled: + The Family options area will be shown. Not configured: + Same as Disabled. @@ -536,12 +557,15 @@ Same as Disabled. Hide the Device performance and health area in Windows Security. Enabled: + The Device performance and health area will be hidden. Disabled: + The Device performance and health area will be shown. Not configured: + Same as Disabled. @@ -608,12 +632,15 @@ Same as Disabled. Hide the Firewall and network protection area in Windows Security. Enabled: + The Firewall and network protection area will be hidden. Disabled: + The Firewall and network protection area will be shown. Not configured: + Same as Disabled. @@ -680,12 +707,15 @@ Same as Disabled. Hide notifications from Windows Security. Enabled: + Local users won't see notifications from Windows Security. Disabled: + Local users can see notifications from Windows Security. Not configured: + Same as Disabled. @@ -752,12 +782,15 @@ Same as Disabled. Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. Enabled: + Users won't be shown a recommendation to update their TPM Firmware. Disabled: + Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. Not configured: + Same as Disabled. @@ -824,12 +857,15 @@ Same as Disabled. Hide the Virus and threat protection area in Windows Security. Enabled: + The Virus and threat protection area will be hidden. Disabled: + The Virus and threat protection area will be shown. Not configured: + Same as Disabled. @@ -896,12 +932,15 @@ Same as Disabled. Prevent users from making changes to the Exploit protection settings area in Windows Security. Enabled: + Local users can't make changes in the Exploit protection settings area. Disabled: + Local users are allowed to make changes in the Exploit protection settings area. Not configured: + Same as Disabled. @@ -970,12 +1009,15 @@ Specify the email address or email ID that will be displayed in Windows Security Users can click on the contact information to create an email that will be sent to the specified address. The default email application will be used. Enabled: + Enter the email address or email ID in the Options section. Disabled: + A contact email address or email ID won't be shown in either Windows Security or any notifications it creates. Not configured: + Same as Disabled. @@ -1032,19 +1074,23 @@ Same as Disabled. Display specified contact information to local users in Windows Security notifications. Enabled: + Your company contact information will be displayed in notifications that come from Windows Security. After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: -Specify contact phone number or Skype ID -Specify contact email number or email ID --Specify contact website +-Specify contact website. + Please note that in some cases we will be limiting the contact options that are displayed based on the notification space available. Disabled: + No contact information will be shown on notifications. Not configured: + Same as Disabled. @@ -1108,21 +1154,24 @@ Same as Disabled. -Display specified contact information to local users in a contact card flyout menu in Windows Security +Display specified contact information to local users in a contact card flyout menu in Windows Security. Enabled: + Your company contact information will be displayed in a flyout menu in Windows Security. After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: -Specify contact phone number or Skype ID -Specify contact email number or email ID --Specify contact website +-Specify contact website. Disabled: + No contact information will be shown in Windows Security. Not configured: + Same as Disabled. @@ -1189,12 +1238,15 @@ Same as Disabled. Hide the Ransomware data recovery area in Windows Security. Enabled: + The Ransomware data recovery area will be hidden. Disabled: + The Ransomware data recovery area will be shown. Not configured: + Same as Disabled. @@ -1261,12 +1313,15 @@ Same as Disabled. Hide the Secure boot area in Windows Security. Enabled: + The Secure boot area will be hidden. Disabled: + The Secure boot area will be shown. Not configured: + Same as Disabled. @@ -1333,12 +1388,15 @@ Same as Disabled. Hide the Security processor (TPM) troubleshooting area in Windows Security. Enabled: + The Security processor (TPM) troubleshooting area will be hidden. Disabled: + The Security processor (TPM) troubleshooting area will be shown. Not configured: + Same as Disabled. @@ -1407,12 +1465,15 @@ This policy setting hides the Windows Security notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect. Enabled: + Windows Security notification area control will be hidden. Disabled: + Windows Security notification area control will be shown. Not configured: + Same as Disabled. @@ -1481,12 +1542,15 @@ Specify the phone number or Skype ID that will be displayed in Windows Security Users can click on the contact information to automatically call the supplied number. Skype will be used to initiate the call. Enabled: + Enter the phone number or Skype ID in the Options section. Disabled: + A contact phone number or Skype ID won't be shown in either Windows Security or any notifications it creates. Not configured: + Same as Disabled. @@ -1545,12 +1609,15 @@ Specify the URL that will be displayed in Windows Security and associated notifi Users can click on the contact information to visit the specified website. The default web browser will be used. Enabled: + Enter the URL in the Options section. Disabled: + A contact website URL won't be shown in either Windows Security or any notifications it creates. Not configured: + Same as Disabled. diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index beb275034b..544703e41a 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsLogon Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,7 +45,7 @@ This policy setting controls whether a device will automatically sign in and loc This only occurs if the last interactive user didn't sign out before the restart or shutdown. -If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns. +If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns. - If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots. @@ -111,10 +111,11 @@ This policy setting controls the configuration under which an automatic restart - If you enable this policy setting, you can choose one of the following two options: 1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. + BitLocker is suspended during updates if: - - The device doesn't have TPM 2.0 and PCR7, or - - The device doesn't use a TPM-only protector +- The device doesn't have TPM 2.0 and PCR7, or +- The device doesn't use a TPM-only protector. 2. "Always Enabled" specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location. diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 43baed45d4..b885c37d1a 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsPowerShell Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -45,13 +45,11 @@ ms.topic: reference This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. -- If you enable this policy setting, -Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. +- If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. - If you disable this policy setting, logging of PowerShell script input is disabled. -If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script -starts or stops. Enabling Invocation Logging generates a high volume of event logs. +If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. > [!NOTE] > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 0992815e7c..a3256eec79 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -870,8 +870,9 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Don't Bypass for Local traffic -True: ByPass VPN Interface for Local Traffic +False: Don't Bypass for Local traffic. + +True: ByPass VPN Interface for Local Traffic. Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -1216,9 +1217,13 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct If turned on a device tunnel profile does four things. + First, it automatically becomes an always on profile. + Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect. + Third, no other Device Tunnel profile maybe be present on the same machine. + A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected. @@ -3101,7 +3106,7 @@ Type of routing policy. -Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. +Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. @@ -4163,6 +4168,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che Outbound - The traffic filter allows traffic to reach destinations matching this rule. This is the default. + Inbound - The traffic filter allows traffic coming from external locations matching this rule. @@ -5148,8 +5154,9 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Don't Bypass for Local traffic -True: ByPass VPN Interface for Local Traffic +False: Don't Bypass for Local traffic. + +True: ByPass VPN Interface for Local Traffic. Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. @@ -7326,7 +7333,7 @@ Type of routing policy. -Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. +Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. @@ -7907,6 +7914,7 @@ Boolean value (true or false) for caching credentials. Applicable only to AppContainer profiles. False: Don't show profile in Settings UI. + True: Show profile in Settings UI. Optional. This node is only relevant for AppContainer profiles (i.e. using the VpnManagementAgent::AddProfileFromXmlAsync method). @@ -8432,6 +8440,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che Outbound - The traffic filter allows traffic to reach destinations matching this rule. This is the default. + Inbound - The traffic filter allows traffic coming from external locations matching this rule. diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 84e529b875..c2f8aa8687 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WiFi CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -383,6 +383,7 @@ Optional node. If the policy is active selecting one of the values from the foll XML describing the network configuration and follows Windows WLAN_profile schema. + Link to schema: @@ -741,6 +742,7 @@ Optional node. If the policy is active selecting one of the values from the foll XML describing the network configuration and follows Windows WLAN_profile schema. + Link to schema: diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 5dcfb1a7ce..54a396d94f 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderApplicationGuard CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -291,6 +291,7 @@ Interior Node for Settings. This policy setting allows you to determine whether applications inside Microsoft Defender Application Guard can access the device's camera and microphone when these settings are enabled on the user's device. - If you enable this policy setting, applications inside Microsoft Defender Application Guard will be able to access the camera and microphone on the user's device. + - If you disable or don't configure this policy setting, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user's device. @@ -611,6 +612,7 @@ This policy setting allows you to decide whether websites can load non-enterpris This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. - If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer. Here's an example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924. + - If you disable or don't configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container. From 934bc148aadfb559e09ae7709b8b59d9a48e0906 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 11 May 2023 13:38:06 -0400 Subject: [PATCH 121/258] Minor updates --- .../mdm/Language-pack-management-csp.md | 4 ++-- .../client-management/mdm/devicestatus-csp.md | 10 +++++----- .../mdm/policy-csp-admx-diskdiagnostic.md | 4 ++-- .../client-management/mdm/policy-csp-update.md | 18 +++++++++--------- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index d8723cac5f..70081db8ca 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -4,7 +4,7 @@ description: Learn more about the LanguagePackManagement CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -138,7 +138,7 @@ Language tag of the language to be installed or being installed. -Copies the language to the international settings (i.e., locale, input layout, speech recognizer, preferred UI language) of the device immediately after installation if the value is true. Default value is false. +Copies the language to the international settings (that is, locale, input layout, speech recognizer, preferred UI language) of the device immediately after installation if the value is true. Default value is false. diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 937d574363..9878cc510b 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceStatus CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -132,7 +132,7 @@ Node for the antispyware query. -Integer that specifies the status of the antispyware signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) If more than one antispyware provider is active, this node returns: 1 - If every active antispyware provider has a valid signature status. 0 - If any of the active antispyware providers has an invalid signature status. +Integer that specifies the status of the antispyware signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist). If more than one antispyware provider is active, this node returns: 1 - If every active antispyware provider has a valid signature status. 0 - If any of the active antispyware providers has an invalid signature status. @@ -252,7 +252,7 @@ Node for the antivirus query. -Integer that specifies the status of the antivirus signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 (default) - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) If more than one antivirus provider is active, this node returns: 1 - If every active antivirus provider has a valid signature status. 0 - If any of the active antivirus providers has an invalid signature status. +Integer that specifies the status of the antivirus signature. Valid values: 0 - The security software reports that it isn't the most recent version. 1 (default) - The security software reports that it's the most recent version. 2 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist). If more than one antivirus provider is active, this node returns: 1 - If every active antivirus provider has a valid signature status. 0 - If any of the active antivirus providers has an invalid signature status. @@ -293,7 +293,7 @@ This node also returns 0 when no antivirus provider is active. -Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus is on and monitoring, 1 - Antivirus is disabled, 2 - Antivirus isn't monitoring the device/PC or some options have been turned off, 3 (default) - Antivirus is temporarily not completely monitoring the device/PC, 4 - Antivirus not applicable for this device. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) +Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus is on and monitoring, 1 - Antivirus is disabled, 2 - Antivirus isn't monitoring the device/PC or some options have been turned off, 3 (default) - Antivirus is temporarily not completely monitoring the device/PC, 4 - Antivirus not applicable for this device. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist). @@ -1353,7 +1353,7 @@ Node for the firewall query. -Integer that specifies the status of the firewall. Valid values: 0 - Firewall is on and monitoring, 1 - Firewall has been disabled, 2 - Firewall isn't monitoring all networks or some rules have been turned off, 3 (default) - Firewall is temporarily not monitoring all networks, 4 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist.) +Integer that specifies the status of the firewall. Valid values: 0 - Firewall is on and monitoring, 1 - Firewall has been disabled, 2 - Firewall isn't monitoring all networks or some rules have been turned off, 3 (default) - Firewall is temporarily not monitoring all networks, 4 - Not applicable. This is returned for devices like the phone that don't have an antivirus (where the API doesn't exist). diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index b9739f1a11..8f7131923e 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskDiagnostic Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 05/11/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -106,7 +106,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set This policy setting determines the execution level for S. M. A. R. T.-based disk diagnostics. -Self-Monitoring And Reporting Technology (S. M. A. R. T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S. M. A. R. T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S. M. A. R. T. faults to the event log when they occur. +Self-Monitoring And Reporting Technology (S. M. A. R. T). is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S. M. A. R. T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S. M. A. R. T. faults to the event log when they occur. - If you enable this policy setting, the DPS also warns users of S. M. A. R. T. faults and guides them through backup and recovery to minimize potential data loss. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 7bf033e87e..c98ee3f492 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -2099,7 +2099,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -2265,7 +2265,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -2840,7 +2840,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -2944,7 +2944,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -3042,7 +3042,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -3149,7 +3149,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -3256,7 +3256,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -3363,7 +3363,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. @@ -3470,7 +3470,7 @@ Windows finds updates that apply to the computer and downloads them in the backg When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.) +Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. From 4e442c064c2a27a01458f1df2a90b0883f6141cb Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 12 May 2023 12:49:18 +0200 Subject: [PATCH 122/258] Update-ProfileList-in-vpnv2-csp.md ProfileList - added some description, usage information and an example on how to use it. --- windows/client-management/mdm/vpnv2-csp.md | 41 +++++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 84b7a6c4ec..191bbe2977 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -2785,6 +2785,9 @@ Required for native profiles. Type of tunneling protocol used. | Automatic | Automatic. | | SSTP | SSTP. | | ProtocolList | ProtocolList. | + +> [!NOTE] +> Using ProtocolList requires additional configuration of the NativeProfile/ProtocolList parameter. @@ -2887,11 +2890,13 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb -List of inbox VPN protocols in priority order. +List of inbox VPN protocols in priority order. Up to 4 VPN protocols are supported. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -2930,6 +2935,8 @@ List of inbox VPN protocols in priority order. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -2969,6 +2976,8 @@ Inbox VPN protocols type. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -3014,11 +3023,13 @@ Inbox VPN protocols type. -Default 168, max 500000. +Default 168, max 500000, min 0 +RetryTimeInHours specifies the length of time Windows will try to use the last succesful protocol first when making a new connection. +Setting this to 0 disables remembering the last successful protocol. @@ -7010,6 +7021,9 @@ Required for native profiles. Type of tunneling protocol used. | Automatic | Automatic. | | SSTP | SSTP. | | ProtocolList | ProtocolList. | + +> [!NOTE] +> Using ProtocolList requires additional configuration of the NativeProfile/ProtocolList parameter. @@ -7112,11 +7126,13 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb -List of inbox VPN protocols in priority order. +List of inbox VPN protocols in priority order. Up to 4 VPN protocols are supported. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -7155,6 +7171,8 @@ List of inbox VPN protocols in priority order. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -7194,6 +7212,8 @@ Inbox VPN protocols type. +> [!NOTE] +> A separate entry is needed for every VPN protocol. Please see the examples section for the format. @@ -7239,11 +7259,13 @@ Inbox VPN protocols type. -Default 168, max 500000. +Default 168, max 500000, min 0 +RetryTimeInHours specifies the length of time Windows will try to use the last succesful protocol first when making a new connection. +Setting this to 0 disables remembering the last successful protocol. @@ -8994,7 +9016,16 @@ Profile example VPN_Demo VPNServer.contoso.com - Automatic + ProtocolList + + + Ikev2 + + + Sstp + + 1 + Eap From 4e7db7531178f316600a584902cafa4af18fd2ab Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 12 May 2023 09:28:50 -0700 Subject: [PATCH 123/258] deadline-7890445 --- windows/deployment/update/wufb-compliancedeadlines.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 2c627d3a6e..3549b7bdb6 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -8,13 +8,13 @@ ms.author: mstewart manager: aaroncz ms.topic: article ms.technology: itpro-updates -ms.date: 12/31/2017 +ms.date: 05/12/2023 --- # Enforcing compliance deadlines for updates **Applies to** -- Windows 10 +- Windows 10 - Windows 11 Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions. @@ -43,3 +43,6 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10 For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours. + +> [!NOTE] +> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored. From b3baaececd2e7cf63d156878f465ec6760bc349e Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 12 May 2023 17:12:42 -0700 Subject: [PATCH 124/258] Update waas-delivery-optimization-faq.yml DO Metadata for MUv6 content is being moved from emdl hostname to download.windowsupdate.com --- windows/deployment/do/waas-delivery-optimization-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 1a0f413fd5..4cccd98fa6 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -81,6 +81,7 @@ sections: Delivery Optimization metadata: - `http://emdl.ws.microsoft.com` + - `http://download.windowsupdate.com` - `http://*.dl.delivery.mp.microsoft.com` Windows Update and Microsoft Store backend services and Windows Update and Microsoft Store payloads From 3be4de44585cccce7fd39eff1dc35e78ad27c5b8 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 12 May 2023 17:15:18 -0700 Subject: [PATCH 125/258] Update delivery-optimization-workflow.md DO Metadata for MUv6 content is being moved from emdl hostname to download.windowsupdate.com --- windows/deployment/do/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index 2c4b6f9158..b994ac956f 100644 --- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -39,4 +39,4 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r | cp\*.prod.do.dsp.mp.microsoft.com
| 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
**ContentId**: The content identifier
**doClientVersion**: The version of the DoSvc client
**countryCode**: The country the client is connected from
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID
**CacheHost**: Cache host ID | | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**partitionID**: Client partitioning hint
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID | | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**altCatalogID**: If ContentID isn't available, use the download URL instead
**PeerID**: Identity of the device running DO client
**ReportedIp**: The internal / private IP Address
**IsBackground**: Is the download interactive or background
**Uploaded**: Total bytes uploaded to peers
**Downloaded**: Total bytes downloaded from peers
**DownloadedCdn**: Total bytes downloaded from CDN
**Left**: Bytes left to download
**Peers Wanted**: Total number of peers wanted
**Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
**Scope**: The Download mode
**UploadedBPS**: The upload speed in bytes per second
**DownloadBPS**: The download speed in Bytes per second
**eID**: Client grouping ID | -| dl.delivery.mp.microsoft.com
emdl.ws.microsoft.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. | +| dl.delivery.mp.microsoft.com
emdl.ws.microsoft.com
download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. | From c0f80764fd622b7d35a7a8e2a3a299454909ee1d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 15 May 2023 12:11:18 -0400 Subject: [PATCH 126/258] Update IcmpTypesAndCodes --- windows/client-management/mdm/firewall-csp.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index d9396625f8..1d0a7e90b3 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 05/15/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1947,12 +1947,19 @@ If not specified - a new rule is disabled by default. - + +String value. Multiple ICMP type+code pairs can be included in the string by separating each value with a ",". If more than one ICMP type+code pair is specified, the strings must be separated by a comma. + +To specify all ICMP types and codes, use the "\*" character. For specific ICMP types and codes, use the ":" to separate the type and code. + +The following are valid examples: 3:4 or 1:*. The "\*" character can be used to represent any code. The "\*" character can't be used to specify any type, examples such as "*:4" or "*:*" are invalid. + +When setting this field in a firewall rule, the protocol field must also be set, to either 1 (ICMP) or 58 (IPv6-ICMP). -Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the "\*" character. For specific ICMP types and codes, use the ":" character to separate the type and code, for example, 3:4, 1:\*. The "\*" character can be used to represent any code. The "\*" character cannot be used to specify any type; examples such as "\*:4" or "\*:\*" are invalid. If not specified, the default is All. +If not specified, the default is All. From 0720904ead89fda29063129c2786745c4ef8203f Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 15 May 2023 12:29:58 -0400 Subject: [PATCH 127/258] Minor changes --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 1d0a7e90b3..d58c913a7e 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -1952,7 +1952,7 @@ String value. Multiple ICMP type+code pairs can be included in the string by sep To specify all ICMP types and codes, use the "\*" character. For specific ICMP types and codes, use the ":" to separate the type and code. -The following are valid examples: 3:4 or 1:*. The "\*" character can be used to represent any code. The "\*" character can't be used to specify any type, examples such as "*:4" or "*:*" are invalid. +The following are valid examples: 3:4 or 1:\*. The "\*" character can be used to represent any code. The "\*" character can't be used to specify any type, examples such as "\*:4" or "\*:\*" are invalid. When setting this field in a firewall rule, the protocol field must also be set, to either 1 (ICMP) or 58 (IPv6-ICMP). From 58b9af4295930cd2b4828ebd4765a08491432d2c Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 15 May 2023 11:08:38 -0700 Subject: [PATCH 128/258] Updates to Tenant management --- .../windows-autopatch-maintain-environment.md | 45 ++++++++++++++++--- .../windows-autopatch-whats-new-2023.md | 6 ++- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md index 8ac2a90c62..bd1d000e00 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -1,7 +1,7 @@ --- title: Maintain the Windows Autopatch environment description: This article details how to maintain the Windows Autopatch environment -ms.date: 07/11/2022 +ms.date: 05/15/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -9,7 +9,10 @@ ms.localizationpriority: medium author: tiaraquan ms.author: tiaraquan manager: dougeby -ms.reviewer: hathind +ms.reviewer: smithcharles +ms.collection: + - highpri + - tier1 --- # Maintain the Windows Autopatch environment @@ -26,18 +29,20 @@ After you've completed enrollment in Windows Autopatch, some management settings | Setting | Description | | ----- | ----- | -| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).

Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:

  • Modern Workplace Update Policy [Broad]-[Windows Autopatch]
  • Modern Workplace Update Policy [Fast]-[Windows Autopatch]
  • Modern Workplace Update Policy [First]-[Windows Autopatch]
  • Modern Workplace Update Policy [Test]-[Windows Autopatch]

When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.

**To resolve the Not ready result:**

After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

**To resolve the Advisory result:**

  1. Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
  2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

| +| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).

Windows Autopatch creates some update ring policies. These policies have "**Modern Workplace**" in the name. For example:

  • Modern Workplace Update Policy [Broad]-[Windows Autopatch]
  • Modern Workplace Update Policy [Fast]-[Windows Autopatch]
  • Modern Workplace Update Policy [First]-[Windows Autopatch]
  • Modern Workplace Update Policy [Test]-[Windows Autopatch]

When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.

**To resolve the Not ready result:**

After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group. For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

**To resolve the Advisory result:**

  1. Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
  2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

| ## Windows Autopatch configurations Windows Autopatch deploys, manages and maintains all configurations related to the operation of the service, as described in [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). Don't make any changes to any of the Windows Autopatch configurations. -## Windows Autopatch tenant actions +## Windows Autopatch tenant management -The **Tenant management** blade can be found by navigating to Tenant administration > Windows Autopatch > **Tenant management**. +### Windows Autopatch tenant actions + +The Tenant management blade presents IT admins with any actions that are required to maintain Windows Autopatch service health. The **Tenant management** blade can be found by navigating to **Tenant administration** > **Windows Autopatch** > **Tenant management**. > [!IMPORTANT] -> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](../overview/windows-autopatch-privacy.md#service-accounts), your Global admin must go to the Tenant management blade to approve the configuration change. +> If you have any critical actions in your tenant, you must take action as soon as possible as the Windows Autopatch service might not be able to manage your tenant. When a critical action is active on your tenant, Windows Autopatch will consider your tenant as **[inactive](#inactive-status)**. The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed. @@ -45,4 +50,30 @@ The type of banner that appears depends on the severity of the action. Currently | Severity | Description | | ----- | ----- | -| Critical | You must take action as soon as possible. If no action is taken, the Windows Autopatch service may be affected. | +| Critical | You must take action as soon as possible to avoid disruption to the Windows Autopatch service.

If no action is taken, Windows Autopatch might not be able to manage devices in your tenant, and the Windows Autopatch service may be marked as **inactive**.

To restore service health and return to an active status, all critical pending actions must be resolved.

| + +### Critical actions + +| Action type | Severity | Description | +| ----- | ----- | ----- | +| Maintain tenant access | Critical | Required licenses have expired. The licenses include: